Download Troubleshooting Slow Browsing

Troubleshooting Slow Browsing
Troubleshooting Slow Browsing
Applicable Version: 10.00 onwards
Scenario
This article provides step-by-step instructions for troubleshooting slow Internet browsing in a network.
Troubleshooting Steps
If you experience slow browsing in your network, follow the steps given below to troubleshoot the
issue.
Step 1: Verify DoS Settings
One major reason for slow browsing is an ongoing DoS or DDoS attack. It may be possible that DoS
settings are not enabled in Cyberoam, hence attack was not detected, or the settings are
inappropriate.
For Troubleshooting:

Check if DoS Settings are enabled from the Dashboard, under DoS Attack Status doclet.

Check if DDoS related IPS policies are configured under IPS > Policy > Policy.

If not configured prior, you can configure DoS and DDoS prevention mechanisms by referring to
the article How To – Prevent DoS and DDoS Attacks using Cyberoam.
Note:
-
Unless specifically advised by Cyberoam Support, do not enable the TCP Flood settings.
For optimum results, periodically check the DoS alerts and if any legitimate traffic is dropped, readjust the Packet rate per source and Burst rate per source values.
Configure a DoS Bypass Rule for a specific IP address if its legitimate traffic is dropped. Refer to
the article How To – Configure DoS Bypass Rule.
Step 2: Check DNS Configuration
The following may be the reasons for slow browsing:
Case 1
An Internal DNS server is configured for LAN users and all DNS requests are directed to it. Issues
with the Internal DNS Server or the External DNS Server, to which it forwards requests, may result in
overall slow browsing.
Resolution: To resolve this issue, contact appropriate administrators or Server vendors.
Troubleshooting Slow Browsing
Case 2
Multiple ISP Links are terminated on Cyberoam and user systems are configured with a particular
ISP’s DNS. In this case, the outgoing DNS traffic gets load balanced. Hence, Two (2) possibilities
occur:
-
If a DNS request travels through the ISP Link whose DNS is configured in user’s system, the
request is resolved and turnaround time is good.
If a DNS request travels through another ISP Link, the request is dropped because the DNS
configured in user’s system does not match ISP’s DNS.
This results in only partial DNS requests in the network to be resolved, which ultimately leads to slow
browsing.
Resolution: Configure a Static Route in Cyberoam that forwards all DNS Traffic to the ISP Link
whose DNS is configured in user’s systems. You can configure Static Routes from Network > Static
Route > Unicast.
Consider an example where the ISP has given a DNS Server IP Address 203.88.56.23 for the
gateway IP Address 192.168.1.254. For this, the Static Route is as follows.
Case 3
Cyberoam LAN IP is configured as DNS in user systems. Issues with DNS configuration in Cyberoam
may lead to slow browsing.
Resolution: Follow the instructions given below to troubleshoot DNS configuration in Cyberoam
1. Login to Cyberoam Web Admin Console with user having read-write administrative rights over
relevant features.
2. Go to System > Maintenance > Services to check if DNS Service is running. If service is
stopped, restart it by clicking Start. If issue persists, contact Cyberoam Support.
Troubleshooting Slow Browsing
3. If the DNS service is running, then check query response time by performing a Name Lookup of
any domain like google.com. To perform Name Lookup, go to Network > DNS > DNS and click
Test Name Lookup.
4. Specify google.com as host name and click Test Connection.
5. The following Result is displayed. Result is dependent on individual networks.
Troubleshooting Slow Browsing
6. Cyberoam resolves queries using DNS Servers in a top to bottom order. Hence, compare the
response times of each Server and place the Server with the least response time at the top. Here,
we see that 8.8.8.8 has taken the least time. So, place 8.8.8.8 at the top of the DNS List using
Move Up and Move Down buttons.
Note:
It is recommended to use 127.0.0.1 as the Primary DNS Server if Cyberoam is used as a Direct Proxy
Server (Cyberoam LAN IP configured as Proxy Server in browsers) OR if Cyberoam LAN IP is
configured as DNS in all user systems. 127.0.0.1 is Cyberoam loop back local DNS Server which
directly resolves queries from Root DNS servers and caches them locally. This ensures that repeat
queries are resolved much faster.
Step 3: Check for Packet Loss within the Network
Loss of packets during transmission between network nodes may result in reduced browsing speeds.
Resolution: To check for Packet Loss, follow instructions given below.
1. Login to any network node and execute the PING command to any host on the Internet. For
example, here, we have executed ping to 8.8.8.8 from a windows machine.
Troubleshooting Slow Browsing
The above screen shows a 40% packet loss.
2. Execute a trace route command to any host on the Internet to find out where the packet loss is
taking place. For example, here, we have executed the tracert command to 8.8.8.8 from a
windows machine.
3. As shown above, packets are lost in transmission. A possible cause for it can be Bandwidth
Congestion. To troubleshoot this issue:
- Increase the available bandwidth in the network.
- Optimize bandwidth usage in the network by Bandwidth Shaping or applying other QoS
Policies using Cyberoam.
4. Packets could also be lost while transmitting from network node to Internet if certain kind of traffic
is not allowed through Cyberoam. In Cyberoam, go to Firewall > Rule > Rule and check if any
traffic is filtered out.
5. Packet loss could also be a result of faulty network hardware or cables. Physically check the
network nodes for loose cables or faults. If necessary, replace the faulty hardware.
Step 4: Check for Interface Collisions and Errors
Improper Link Speed and Duplex negotiation between Cyberoam WAN Port and upstream router can
be a reason for less browsing speeds. Another reason could be an IP Conflict between Two (2) or
more interfaces of Cyberoam.
Resolution: To check for Interface errors, follow instructions given below.
1. Login to Cyberoam CLI and choose option 4. Cyberoam Console.
Troubleshooting Slow Browsing
2. Execute the command:
console> show network interfaces
3. As shown, there should be no errors and dropped packets. If errors exist, execute the same
command a few times and observe the number of errors. An increasing number of errors implies
poor connectivity, and hence, slow browsing. To troubleshoot the issue:
- Replace the cables connected to the interface(s) showing errors.
- If Cyberoam is directly connected to an upstream router, insert a switch between them.
4. The auto-negotiated Interface Speed should be a Full Duplex connection. If any interface has
negotiated with a Half Duplex, manually set the Interface Speed to match that of the peer device.
To set the interface speed:

Go to Network > Interface > Interface and select the required Interface.
Troubleshooting Slow Browsing

Under Advanced Settings, select the appropriate Interface Speed to match the peer device.
Here we have selected 100 Mbps Full Duplex.
Step 5: Verify Gateway Failover Condition and Health of ISP Link
The following may be the reasons for slow browsing:
Case 1
Improper Gateway Failover Condition might cause Cyberoam to detect inaccurate gateway status.
Resolution: To verify Gateway Failover Condition, follow instructions given below.
Go to Network > Gateway > Gateway and select the required Gateway to check its failover
condition. We recommend keeping a failover condition that performs check on either Global DNS
Servers, like 4.2.2.2 and 8.8.8.8, or other reliable Global IP Addresses on the Internet.
Troubleshooting Slow Browsing
Case 2
Poor Internet connectivity on the gateway because of a fluctuating ISP Link leads to slow browsing.
.
Resolution: To check Internet Connectivity, follow instructions given below.
Go to System > Diagnostics > Tools and Ping any external host like yahoo.com with packet size
1000 using each Cyberoam WAN Port (Gateway).
If there are any errors or packet loss, contact your ISP.
Step 6: High Resource Utilization Exceeding Maximum Capacity
High utilization of resources such as bandwidth and processors result in slow browsing
Resolution: Check resource utilization from System > Diagnostics > System Graphs. You can view
live and historical information of CPU Usage, Memory Usage, Disk Usage, Load Average, Users
information, WAN Zone and Interface Data. Here we have shown information for CPU and Memory
Usage, and Interface Data.
If you observe continuous high utilization of bandwidth on any WAN Interface reaching the Maximum
bandwidth available from ISP, you can either consider increasing the Maximum Bandwidth Limit from
the ISP or try analyzing surfing patterns in the network to apply appropriate Internet Access Policies
like Web Filter, Application Filter and QoS Policies.
If you observe continuous high utilization for any of the system resources like CPU or Memory,
contact Cyberoam Support.
Troubleshooting Slow Browsing
Troubleshooting Slow Browsing
Troubleshooting Slow Browsing
Step 7: The PLAIN Firewall Rule Check
If the slow browsing issue still persists perform the PLAIN Firewall Rule check. Create a firewall rule
that allows all traffic without scanning, as shown below, and place it on top of all other firewall rules
created.
Resolution:
Once Plain Firewall Rule is created, contact Cyberoam Support for further analysis of security
scanning process in your Appliance.
Document Version: 2.1 – 9 September, 2014