One of our customers is using WebMarshal for HTTP/HTTPS URL filtering and content scanning. The WebMarshall software is installed on two Microsoft ISA 2003 servers. These ISA servers are behind a Cisco Content Switch for load-balancing and redundancy purposes.
The problem with the WebMarshal is the PERFORMANCE. Internet browsing with the WebMarshal as proxy just doesn’t perform. I tried to troubleshoot the WebMarshal to check where the performance problems are coming from, but you cannot troubleshoot the software on a decent way. I disabled the Access Policies, and guess what, the performance is great. I added a allow all rule on top of every Access Policy subcategory, but no success.
I know the customer is running an old version (3.0.x), and of course if you contact the supplier, the first thing they say is: “Upgrade to the last version!!”. It seems the solution is always upgrading the last version. The second thing the supplier told us, was using Microsoft Network Load Balancing and not the Content Switches. Sadly the customer is using HP ProCurve switches, which don’t support static ARP entries. So NLB is no option.
But again, I give them the benefit of the doubt, so we will install two new servers, which are dedicated for WebMarshal software. Still the servers will be behind the Content Switch, because I believe that the Content Switches are the reason for the bad performance.
I will tell you more about the outcome of the latest version of WebMarshal on dedicated hardware. My opinion so far: “Feed the WebMarshal software to the dogs and buy something else!!!!!!!!!!”