Pkafkas
asked on
Why does this new Anti Virus version of FortiClient cause slowness when operating in our Netscaler Web portal?
Hello:
We use a free Anti-virus/VPN program called FortiClient at my work. We actually use a Fortinet 100D firewall so we can VPN into our corporate network from remote locations. Most of our client devices are using FortiClient version 5.2.3 and our Fortinet has a 5.24 version installed.
Some of our users also connect to Citrix from a Netscaler web portal. We have Netscaler version 10.5 installed and it is working very well. It was updated in July 2015. No problems since we have begun using the web portal.
I noticed that FortiClient version 5.4 was made available and I downloaded it on a test laptop. The VPN and remote desktop work correctly; but whenever I connect to the Netscaler on this laptop there is significant latency. Just using explorer and using any program on the Citrix system. The same slowness is not visible if one connects via VPN and Remote Desktop. Only when the Netscaler connection is established. If I log out of the same Netscaler Citrix session and shut down the FortiClient program and then re-launch my Netscaler Citrix session, there is no slowness at all.
I have noticed this problem on 3 different computers/laptops. 2 x Windows 7 Pro 64 bit computer towers and 1 x Windows 8.1 Surface pro. tablet. The results are exactly the same. Incidentally if each test computer un-installs the rouge 5.4 version and then installs FortiClient 5.2.3 there is no slowness problem with the Netscaler.
I have run Wireshark and created a log of the events; but, I am not sure what to look at. I am not sure what to look for either and thus far Fortinet Support has not provided any direction. Any suggestions?
We use a free Anti-virus/VPN program called FortiClient at my work. We actually use a Fortinet 100D firewall so we can VPN into our corporate network from remote locations. Most of our client devices are using FortiClient version 5.2.3 and our Fortinet has a 5.24 version installed.
Some of our users also connect to Citrix from a Netscaler web portal. We have Netscaler version 10.5 installed and it is working very well. It was updated in July 2015. No problems since we have begun using the web portal.
I noticed that FortiClient version 5.4 was made available and I downloaded it on a test laptop. The VPN and remote desktop work correctly; but whenever I connect to the Netscaler on this laptop there is significant latency. Just using explorer and using any program on the Citrix system. The same slowness is not visible if one connects via VPN and Remote Desktop. Only when the Netscaler connection is established. If I log out of the same Netscaler Citrix session and shut down the FortiClient program and then re-launch my Netscaler Citrix session, there is no slowness at all.
I have noticed this problem on 3 different computers/laptops. 2 x Windows 7 Pro 64 bit computer towers and 1 x Windows 8.1 Surface pro. tablet. The results are exactly the same. Incidentally if each test computer un-installs the rouge 5.4 version and then installs FortiClient 5.2.3 there is no slowness problem with the Netscaler.
I have run Wireshark and created a log of the events; but, I am not sure what to look at. I am not sure what to look for either and thus far Fortinet Support has not provided any direction. Any suggestions?
You need to add the folders on the server to the Fortinet exclusion list on the clients. Whats happening is that it is scanning the folder for infected files before it lets a user access the contents:
http://docs-legacy.fortinet.com/fclient/FortiClient-UG/wwhelp/wwhimpl/common/html/wwhelp.htm?context=fgt&file=Antivirus.8.6.html
http://docs-legacy.fortinet.com/fclient/FortiClient-UG/wwhelp/wwhimpl/common/html/wwhelp.htm?context=fgt&file=Antivirus.8.6.html
ASKER
Hello David,
I will read the article that you posted; but, which folders are you referring to? This is a web portal access a Citrix Server via an ICA protocol.
I will read the article that you posted; but, which folders are you referring to? This is a web portal access a Citrix Server via an ICA protocol.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The web portal is running on Linux and I do not believe it has any AV software. The portal is a Citrix NetScaler portal, not a Fortinet portal.
The NetScaler server is not the problem, the new FortiClient software is the problem. Again, if one is using FortiClient version 5.2.3, there is no slowness when connecting via the Citrix Netscaler.
There is an option to only install the 'VPN' part of the software on the laptop. If we do that, then there is no slowness. I have created a case with Fortinet support; but, they have not found a solution yet. This appears to be a problem with the new FortiClient AV software client. My original question is what should I look for in the WireShark logs?
The NetScaler server is not the problem, the new FortiClient software is the problem. Again, if one is using FortiClient version 5.2.3, there is no slowness when connecting via the Citrix Netscaler.
There is an option to only install the 'VPN' part of the software on the laptop. If we do that, then there is no slowness. I have created a case with Fortinet support; but, they have not found a solution yet. This appears to be a problem with the new FortiClient AV software client. My original question is what should I look for in the WireShark logs?
Far more activity accessing the web portal than you have using the 5.2.3 version.
would suggest to use netstat at the client to check for syn sessions.
i think the vpn-client try to check the certificate or content of the webpage but external access is blocked.
do you use storefront behind netscaler?
which design do you use?
i think the vpn-client try to check the certificate or content of the webpage but external access is blocked.
do you use storefront behind netscaler?
which design do you use?
ASKER
Yes, we use storefront behind the NetCcaler (Version 10.5).
Possible the selected Design within sf is the source of the slowness.
Try the default Design.
... Should be Green bubbles.
Try the default Design.
... Should be Green bubbles.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
This problem is FortiClient AV version specific. Only FortiClient could fix this; but, replcing the AV would not have fixed the problem becasue we still needed to use Forticlient for the VPN piece. Unless we installed the FortiClient VPN piece and instlaled something else for AV; but, that is a work-around not a fix.
I appreciatr thr effort.
I appreciatr thr effort.
Once I found f-prot to be least resource hungry of all (and not expensive)
But probably times change, and you can fetch list of antiviruses from wikipedia and benchmark them side by side.