Very slow loading for some websites

Symptom:

Some websites load very slowly via the ProxySG, but quickly when accessed directly (e.g. when the ProxySG is bypassed).

Problem:

Some DNS servers respond slowly or not at all. This is most often an issue when they are queried for IPv6 (AAAA) records, but it can also affect other queries sent from a ProxySG.
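To confirm this before changing the ProxySG, the following added example (not part of the original article or any Blue Coat tool) times A and AAAA queries against a chosen DNS server using only the Python standard library. The resolver address 192.0.2.53 and hostname www.example.com are placeholders, and the slow_factor threshold is an assumption.

```python
import os, socket, struct, time

QTYPES = {"A": 1, "AAAA": 28}

def build_query(name, qtype, txid=None):
    """Encode a single-question, recursion-desired DNS query (RFC 1035)."""
    txid = int.from_bytes(os.urandom(2), "big") if txid is None else txid
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", QTYPES[qtype], 1)

def time_query(server, name, qtype, port=53, timeout=2.0):
    """Return (seconds, rcode) for one query; rcode is None on timeout."""
    query = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.monotonic()
        s.sendto(query, (server, port))
        try:
            while True:
                reply, _ = s.recvfrom(4096)
                # Accept only a reply carrying our transaction ID.
                if len(reply) >= 4 and reply[:2] == query[:2]:
                    return time.monotonic() - start, reply[3] & 0x0F
        except socket.timeout:
            return time.monotonic() - start, None

def compare(server, name, port=53, timeout=2.0, slow_factor=5.0):
    """Time A and AAAA lookups; flag AAAA if it times out or is much slower."""
    a_time, a_rcode = time_query(server, name, "A", port, timeout)
    aaaa_time, aaaa_rcode = time_query(server, name, "AAAA", port, timeout)
    # slow_factor is an assumed threshold; 10 ms floor avoids noise on fast links.
    slower = a_rcode is not None and aaaa_time > slow_factor * max(a_time, 0.01)
    return {"A": (a_time, a_rcode), "AAAA": (aaaa_time, aaaa_rcode),
            "aaaa_slow": aaaa_rcode is None or slower}

if __name__ == "__main__":
    # Placeholders: substitute the DNS server the ProxySG is configured to use.
    result = compare("192.0.2.53", "www.example.com")
    for qtype in ("A", "AAAA"):
        secs, rcode = result[qtype]
        status = "timeout" if rcode is None else "rcode=%d" % rcode
        print("%-5s %8.1f ms  %s" % (qtype, secs * 1000, status))
    print("AAAA lookups are the bottleneck" if result["aaaa_slow"]
          else "No AAAA-specific delay seen")
```

Run it from a host that uses the same DNS servers as the ProxySG, once per configured server, with a hostname taken from one of the slow sites.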

Solution:

See http://forums.bluecoat.com/viewtopic.php?f=1&t=7301&p=23377

Out of the box SGOS 5.3 will be IPv6 enabled. This means it will fire away AAAA queries before falling back to A queries.

In some cases this may slow down your SG considerably.

To fix this, log in on the serial console or telnet/ssh to the unit and switch it off:

Code:

enable
conf t
ipv6 disable
exit
exit

If this does not resolve the problem, the next step is to configure the ProxySG to stop doing its own DNS lookups and instead use the destination IP address supplied by the client (assuming an inline/transparent proxy deployment, such as with WCCP).

This is done by configuring ‘trust-destination-ip enable’ in the ProxySG.  First, check the current setting by entering ‘show trust-destination-ip’ in the CLI, and if this is not enabled, enter ‘trust-destination-ip enable’.

With ‘trust-destination-ip’, the ProxySG will no longer do its own DNS lookups, but will use the IP the client was originally trying to connect to before the traffic was intercepted with WCCP. This was needed to resolve the http://www.website.com problem. The primary drawback to enabling ‘trust-destination-ip’ is that it trusts the user workstation; enabling this can allow savvy users to bypass URL filtering and access prohibited websites.
