EFW Support

Made a clear instalation Endian 3.0 to migrate the existing endian firewall 2.5.1
My scenario:
+ / -: 200 users with no transparent proxy
Two user groups in Active Directory where one group has access to everything.
The second group involves the proxy filters where there locks pornography ... social networks ... etc. ..
I found that in version 3.0 the dansguardian was discontinued and now it is responsible C-icap for webfiltering.

After configuring everything, when I put on production, after the 5m CPU server is glued to the icap service and no one can do anything.

The rules were downloaded and confirmed, I disabled anti-virus .. etc ... and I created a rule in webfilter which pass all for everything .. and as such, works well ... only when I force the lands limited to using the filters group.

Someone already found this problem, and have no idea how to fix it?

thank you

Is your filter actually working?? Mine and several other people say it is not.

HI,

Yes, filters work but fow a few minutes, because the cpu server overload after a few minutes (2/3m).

Hello,

I have the same issue.
I have a test server with 8 cores and only 2 users for testing.
When I surfed to a gaming site (spel.nl) the load for all 8 cores went to 100% for 10 seconds.

So far I found out that de-selecting porn in the webfilter results that the load goes down from 100 to 30%.

Greetings Jos

Did you guys download the last update?

I install the version 3.0 only.

Have any updates this version?

How i update this version?

There is an update since then that seemed to have solved the problems. 
efw-upgrade -s

Hello,

I have exactly the same problem with a new install of Endian 3.0

I made the install 3 times and still the same result : I-cap + Webfilter = 100 CPU

Any idea?

I have the machine in production for a year now.
Same problem with web filter.
When i choose porn filter the CPU is at the max, with one client, with 2 clients, etc.
I give up for the moment :).

Same Problem here - still no solution?  ???

I had I-Cap on IpCop-Copfilter and it worked flawless :(

Enable event notification can help determine if ENDIAN is being attacked by ssh.
If web proxy is enabled, the CPU reach over 100%( four 4 CPU), can be observed in the system tab, hardware information. three facilities that I have, two I had to disable web proxy. in my case it's no problem for many users.
note that if changes are made directly with VI to /etc/squid/squid.conf these are lost when you change the WebGUI.

DAVEVO Davevo publishes this solution:

I made the change and gave me problems "cache_dir aufs /var/spool/squid 40000 16 256" by
cache_dir rock /var/spool/squid 50000 max-size=32768 (this original ENDIAN 3.0)

hosts_file /etc/hosts
dns_nameservers x.x.x.x x.x.x.x
cache_replacement_policy heap LFUDA
cache_swap_low 90
cache_swap_high 95
maximum_object_size_in_memory 50 KB
cache_dir aufs /var/spool/squid 40000 16 256
cache_mem 100 MB
logfile_rotate 10
memory_pools off
maximum_object_size 50 MB
quick_abort_min 0 KB
quick_abort_max 0 KB
log_icp_queries off
client_db off
buffered_logs on
half_closed_clients off

It is now lightening fast! Hope that helps someone else...

any other option?, CLEARS THE CONFIGURATION VIA WEB

I disabled ISP on port 80 and port 443 in the section Outgoing traffic firewall and everything became more fluid.  :o