Nod Rendering SSTP Connections Unusable?

Discussion in 'ESET NOD32 Antivirus' started by CallMeAl, Dec 19, 2009.

Thread Status:
Not open for further replies.
  1. CallMeAl

    CallMeAl Registered Member

    Joined:
    Sep 4, 2008
    Posts:
    8
    I've recently implemented a Server 2008 SSTP based VPN in our office. I've noticed that if I connect via a client system running Nod32 in its default state, the SSTP connection is so slow as to be utterly unusable. It takes 20 to 30 seconds for the contents of a remote shared folder to be displayed. As a test, I tried to copy 900 megs worth of data from a folder on the server to my local machine. The estimated time to completion was over 10 hours.
    I've tried adding the address of our SSTp VpN server to the exclusion list under HTTP, HTTPS configuration, but to no avail. The only way I can improve performance is to disable HTTP, HTTPS checking altogether, and then restart my system. After doing so, the difference is greater than night and day. That same 900 megs worth of data that was going to take 10
    hours with HTTP checking enabled, finishes copying in less than 15 minutes.

    Any thoughts would be much appreciated. I can't imagine there isn't a workaround to this problem?
    Many thanks,

    --Al
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    until resolved, you did find the workaround by disabling http/s checking :)
     
  3. CallMeAl

    CallMeAl Registered Member

    Joined:
    Sep 4, 2008
    Posts:
    8
    Is it enough to just remove 8080 from the list of ports to check? I can't remember now if I tried that or not. I may have tried that before I realized I needed to reboot for changes to take effect. As it stands right now, I've disabled HTTP checking altogether, which I wouldn't consider an acceptable solution to deploy to my clients.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Try the following:
    - in the main setup (F5), navigate to Antivir. and antispyware -> Protocol filtering -> SSL and change filtering mode to "Always scan SSL protocol"
    - in Antivir. and antispyware -> Web access protection -> HTTP,HTTPS change HTTPS filtering mode to "Do not use HTTPS protocol checking"
     
Thread Status:
Not open for further replies.