For the past few months some of our clients have been complaining about slow web surfing. Randomly, when they try to load a page, it sometimes takes up to a minute. They all are on the same simple configuration and template:
After a few tickets to the ISP and troubleshooting, we've dismissed any problem on layers 1 and 2 of the network and started taking packet captures of the TLS handshake at different locations on the network.
We've observed that, randomly, the first few "client hello" packets that were sent were not transmitted on the WAN interface of the MX64.
Switch uplink packet capture (1.2 sec delay between captures):
WAN interface capture:
It looks like the MX64 forbids the connection to this website. However, no log on the secure gateway shows that this is the case (and the URL isn't blocked by content filtering) and no layer 3 nor layer 7 forbids access to this server / port. And as I said before, the client manages to access the website after around a minute of waiting / reloading.
The firmware of the MX is 16.16 but we've already witnessed the issue on previous versions. No temperature / CPU alerts. I have already created a case on Meraki's Dashboard and am currently waiting for a response.
My questions are:
1) Has this kind of issue already happened to you? If yes, what was the cause?
2) Am I missing something / is there a lead I haven't followed yet?
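The capture comparison described in the post above, as an added example that is not part of the original thread: because NAT on the gateway rewrites source addresses and ports, the two captures are matched on the 32-byte ClientHello random instead of the 5-tuple. The function names, hostnames and timestamps are constructed for illustration, and the inputs are assumed to be TCP payloads already extracted from each capture.

```python
import struct

def parse_client_hello(payload):
    """Return (random_hex, sni) for a TCP payload starting a TLS ClientHello, else None."""
    if len(payload) < 43 or payload[0] != 0x16 or payload[5] != 0x01:
        return None                      # not a handshake record carrying a ClientHello
    rnd, sni, pos = payload[11:43].hex(), None, 43
    try:
        pos += 1 + payload[pos]                                 # session_id
        pos += 2 + struct.unpack_from("!H", payload, pos)[0]    # cipher_suites
        pos += 1 + payload[pos]                                 # compression_methods
        end = pos + 2 + struct.unpack_from("!H", payload, pos)[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", payload, pos)
            if etype == 0:                                      # server_name extension
                nlen = struct.unpack_from("!H", payload, pos + 7)[0]
                sni = payload[pos + 9:pos + 9 + nlen].decode("ascii", "replace")
            pos += 4 + elen
    except (IndexError, struct.error):
        pass                                                    # truncated frame: keep the random only
    return rnd, sni

def compare_captures(lan, wan):
    """lan, wan: lists of (timestamp_seconds, tcp_payload); one row per ClientHello seen on the LAN side."""
    rows = {}
    for side, frames in (("lan", lan), ("wan", wan)):
        for ts, payload in frames:
            ch = parse_client_hello(payload)
            if ch is None or (side == "wan" and ch[0] not in rows):
                continue
            row = rows.setdefault(ch[0], {"sni": ch[1], "lan": [], "wan": []})
            row[side].append(ts)
    return [{"sni": r["sni"], "lan_copies": len(r["lan"]), "wan_copies": len(r["wan"]),
             "delay": round(min(r["wan"]) - min(r["lan"]), 3) if r["wan"] else None}
            for r in rows.values()]

def build_client_hello(rnd, host):  # constructed sample data: minimal ClientHello, SNI extension only
    name = host.encode()
    ext = struct.pack("!HHHBH", 0, len(name) + 5, len(name) + 3, 0, len(name)) + name
    body = b"\x03\x03" + rnd + b"\x00\x00\x02\x13\x01\x01\x00" + struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

# Constructed timestamps: the first two copies of "slow" never appear on the WAN side.
slow, fast = build_client_hello(b"\xaa" * 32, "slow.example"), build_client_hello(b"\xbb" * 32, "fast.example")
LAN = [(0.0, slow), (0.3, slow), (1.2, slow), (2.0, fast)]
WAN = [(1.201, slow), (2.001, fast)]
print(compare_captures(LAN, WAN))
```

A row with several `lan_copies`, a single `wan_copies` and a large `delay` is a ClientHello that was retransmitted on the LAN before the gateway forwarded it; `delay` of `None` means it never left the WAN interface during the capture window.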
Do you have content filtering with "Full List" enabled? I have seen this behaviour in this case (but not always).
Yes, the URL category list size is on Full list and we have around 100 whitelisted URLs and 600 blacklisted + 30-ish categories. It probably has an impact on performance but 60s seems a bit too much.
Can you try from a browser with secure DNS/DoH disabled?
DoH is already disabled on their browser, the DNS is located on their internal network.
So I've double-checked and DoH is disabled on Chrome not by GPO but by their Google admin. Furthermore, I can see traffic on UDP port 53 in the packet captures.
What could be the issue if it was in fact enabled?
Hi Ludod,
Did you solve the problem? I have a machine with the same behavior.
Regards