In an ADN environment (ADN and web filtering/caching in the same edge/core ProxySG) experiencing slow web browsing and/or failed web download from multiple web sites.
First, check if there are separate HTTP proxy services for Intranet and Internet bound traffic.
If there are no separate HTTP proxy services, define two separate HTTP proxy services: one for Intranet bound (using specific address under listeners) with "Enable ADN" selected; one for Internet bound (using "ANY" address under listeners) with "Enable ADN" deselected.
If there are separate HTTP proxy services, the one for Intranet bound must have "Enable ADN" selected and the one for Internet bound is recommended to have "Enable ADN" deselected.
This configuration is recommended because ADN will insert the ProxySG's serial number into the TCP options field. Firewalls or intrustion detection devices (IDS) at the destination web server may not understand this value and hence drop the packets, causing the performance degredation or overall failure.