Anyone else experiencing very slow web browsing after upgrading your MXes to firmware 17.10.2? I know that content filtering was switched to Talos in the upgrade. I suspect that has something to do with it, some aggressive content filtering going on. Has anyone heard from Meraki or come up with some workarounds for this?
Solved! Go to Solution.
This might be the 100th post about slow browsing speed with MX 17.10.2 despite the version being Stable.
Still no official comment from Meraki and nothing listed as known issues in the changelog is very worrying.
I have a case open with Meraki regarding this..
It is the exact same experience we had with version 15 and 16 of firmware when you enabled the "Full list" option in content filtering.
In version 17 there is no option to select "Top list" or "Full List" since they moved from "Bright cloud" to "Cisco Talos Intelligence" so my first thought is that they are now using the process for "Full list" as standard.
This heavily leans on the MX cache to speed things up (we are running MX 250) I'm not sure how long the cache TTL is (how long a record stays in the cache) or how large the cache is (how many records are kept until they are cycled in for newer results)
regardless of this though.. its the initial lookup of the site that is slow.. so cache wont make a difference until after the first lookup.
As we speak the Meraki support agent just captured a "slow" site lookup... ill keep you posted.
OK so they think they may have possibly found a bug... needs confirming BUT this is what it looks like from a flow caputre.
We attempted to access a website not in the cache (my local gym of all things)
The category look up completed in 27ms (great nice a n quick) however the MX seems to.... ignore the result... waits about 1 second and tries again... it loops like this for about 10 seconds until it finally accepts the category response and allows the connection.
so it does not look like a cloud response time issue.. and more of a MX firmware bug... ill keep you posted when I get an update
Glad it is limited to only that model for you. Unfortunately we saw the issue on everything we upgraded. We have a variety of the MXes from MX67 to MX450.