troubleshooting Question

Cisco 1720 router using n2h2 web filtering: speed issue

Avatar of illbydes
illbydes asked on
Software Firewalls
4 Comments1 Solution573 ViewsLast Modified:
(Posting to firewalls section because I found several posts about n2h2 filtering here already).

A client of mine has been using n2h2 web filtering for several years now.  (Now it's "Secure Computing" not n2h2, but cisco syntax uses old name).   The SecureComputing s/w is running on a RedHat Linux server that exceeds all the specs provided by the manufacturer.  

The router is a Cisco 1720, running flash image c1700-o3y-mz.122-15.T12.bin which is one of those that supports n2h2 filtering.  It reports:  
     cisco 1720 (MPC860T) processor (revision 0x601) with 24576K/8192K bytes of mem

Mostly, the filtering has worked well.  Once configured, it has worked without a hiccup, and since it's done at the router, nobody can bypass, like might in theory be possible with a proxy.  Speed for basic surfing has been ok, too, but we do notice large downloads take longer than they should.  Now here's the real problem-- recently they've had a reason to start using a proprietary website that generates a lot of graphics (maps) on the fly.  I think it's done by a customized java applet that layers images in an IE window.  This particular site, required by an important user, is simply impossible to use because of speed issues.  Minutes and minutes without a completed image appearing on screen.   From outside their office, it works fine, and when I have temporarily removed the lines that enable web filtering on the router, the page appears quickly there too.  So we have established that the slowness is directly related to filtering.  

How can I speed up access to the required site, still keep n2h2 filtering, and keep doing it on the router rather than on a separate proxy box?  I wonder if a new router, or more memory (if possible, not sure if there's even room now) might increase performance.  Or a new router image, since this one doesn't seem to offer all the commands that Cisco's site seems to expect.  (Notably, there's a command that is supposed to be recognized according to Cisco relating to java applet filtering, but it is not available when I try to configure it on the router.)  Thoughts?  

Secure Computing tech support has not been much help.  They want to pass the buck to Cisco without offering much in the way of suggestions.  Thanks.  
ASKER CERTIFIED SOLUTION
calvinetter

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 4 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 4 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros