Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
11-13-2014 11:56 AM
We are having horrible delays with email taking up to 30 minutes to be delivered. Our email servers send mail to a 3rd party email security provider. So, I disabled DSRI from our SMTP server to their SMTP server. Email speed was back to being delivered in seconds. I wanted to have someone else confirm that my thinking is correct on this that it was the right thing to disable?
11-13-2014 12:21 PM
Hello,
Yes, it will not have any negative impact, but it will speed up the performancee. Typically DSRI is used in environments where internal servers are trusted and protected by the firewall. In these cases, content inspection can be configured for only client to server (internet users to internal servers) traffic using the DSRI option. By doing this, the Server to Client flow (internal servers to internet clients) is skipped after sufficient data has been inspected by the firewall.
Thanks
11-13-2014 03:10 PM
Hi Abrrymn,
Following document should be helpful.
Improving Performance of HTTP with DSRI
Regards,
Hardik Shah
11-13-2014 12:21 PM
Hello,
Yes, it will not have any negative impact, but it will speed up the performancee. Typically DSRI is used in environments where internal servers are trusted and protected by the firewall. In these cases, content inspection can be configured for only client to server (internet users to internal servers) traffic using the DSRI option. By doing this, the Server to Client flow (internal servers to internet clients) is skipped after sufficient data has been inspected by the firewall.
Thanks
11-13-2014 03:10 PM
Hi Abrrymn,
Following document should be helpful.
Improving Performance of HTTP with DSRI
Regards,
Hardik Shah
09-13-2019 02:39 AM
Can DSRI be enabled for any thing any rule or is this only helpful in case of HTTP requests.
09-14-2019 06:05 AM
The rule of thumb is DSRI should only be used for internal traffic, and not for Internet based traffic.
It is OK to have an Internet user check their mail (in your DMZ) and have DSRI on the DMZ (because DMZ is hardened OS, etc)
But is it really not permittable to have DSRI out to Internet (to speed up) because of potential malware, vuln, spyware, 0 day, etc.
Does this help answer your question?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
