The following applies if there are performance issues on the web prevent servers, also ICAP requests queuing on the proxy servers etc. The following are a few factors which control the performance on the web prevent server
- The web prevent server may need to be properly tuned. Please see the tuning guide above.
- The size of the ICAP requests which can be configured through enforce under the configure page of the web prevent server. The smaller the size the higher the CPU utilization. The size is 4KB by default.
- The detection time of every single ICAP request. This can be observed by enabling the detection trace logging under file readerlogging.properties (symantecDLP\protect\config\ directory on the detection server), the setting is OFF by default it needs to be switched to FINE, it will generate a file, which would contain how long the detection server takes to process the incoming requests. Generally for 4KB ICAP requests, the time taken to process the requests should be in the range of 100-500ms (this may vary), depending on the complexity of the policies.
- The policies need to be fine tuned to reduce this processing time which in turn improves performance.