Delayed starting downloads

FormerMember

Since I use an XG Firewall, my downloads are starting with a delay of 10 up to 15 min.

After ~50% the download fails/interrupts.

I use a Sophos XG home with a 4 core Intel i5 and 6 GB of RAM.

I also tried Web caching and to reduce max. file scan size, but nothing changed after that.

Thank you for your help!



  • Meghan,

    did you set the Traffic Shaping Settings under System Services?

    Thanks

  • FormerMember
    0 FormerMember in reply to lferrara

    Yes I did, but the problem is NOT solved!

    I've got a 50mbit/s VDSL, so I set the Traffic Shaping to 50000 kBit/s

  • Meghan,

    Traffic Shaping uses KB and not Kb. So put 6250 and try again.

    Regards

  • FormerMember
    0 FormerMember in reply to lferrara

    This doesn't work for me; downloads are still starting delayed!

    Browser says: "connecting to server" and after 10 to 15 minutes the download starts. At ~50% the download fails.

    The XG Dashboard shows me a traffic of 5,6MB but the download won't start.

  • Hi Meghan,

    Check #1 in my troubleshooting guide and tell us if you discover any drop in the drop-packet-capture when you start a download.

    Cheers-

  • FormerMember
    0 FormerMember in reply to sachingurung

    Yes, there is a lot of output, but I don't know what it means.

    Output:

     

    2017-05-25 16:04:40 0103021 IP xxx.xxx.xxx.xxx.xxxxx > xxx.xxx.xxx.xxx.xxxxx : proto UDP: packet len: 271 checksum : 52067
    Date=2017-05-25 Time=16:04:40 log_id=0103021 log_type=Firewall log_component=Local_ACLs log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port1 out_dev= inzone_id=1 outzone_id=4 source_mac=xx:xx:xx:xx:xx:xx dest_mac=ff:ff:ff:ff:ff:ff l3_protocol=IP source_ip=xxx.xxx.xxx.xxx dest_ip=xxx.xxx.xxx.xxx l4_protocol=UDP source_port=xxxxx dest_port=xxxxx fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=1675671648 masterid=0 status=256 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

    2017-05-25 16:04:41 0103021 IP xxx.xxx.xxx.xxx.xxxxx > xxx.xxx.xxx.xxx.xxxxx : proto UDP: packet len: 271 checksum : 53818
    Date=2017-05-25 Time=16:04:41 log_id=0103021 log_type=Firewall log_component=Local_ACLs log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port1 out_dev= inzone_id=1 outzone_id=4 source_mac=xx:xx:xx:xx:xx:xx dest_mac=ff:ff:ff:ff:ff:ff l3_protocol=IP source_ip=xxx.xxx.xxx.xxx dest_ip=xxx.xxx.xxx.xxx l4_protocol=UDP source_port=xxxxx dest_port=xxxxx fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=1675671648 masterid=0 status=256 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

     

    I can't post all the outputs, because it's too much text.

    I hope it will help!

  • Those are default drops due to local_acl. They are caused by the absence of a fw-rule. I don't think that is the issue. Do you have Malware scanning: HTTP & HTTPS defined in the firewall rule? Show us the picture of the configuration in Web | Protection | Malware Scanning.

    Cheers-
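
Added example, not part of the thread and not Sophos tooling: a small Python triage of drop-packet-capture lines in the key=value layout posted above, separating broadcast `Local_ACLs` drops from drops that touch the client's web traffic. The sample lines, the IP addresses, the `Invalid_Traffic` component name and the port 80/443 heuristic are assumptions.

```python
import re
from collections import Counter

PAIR = re.compile(r"(\w+)=(\S*)")   # values may be empty, e.g. "out_dev= "
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
WEB_PORTS = {"80", "443"}           # assumption: the downloads use HTTP/HTTPS

# Constructed sample in the layout of the post above (fields trimmed).
# Addresses and ports are made up; the component name "Invalid_Traffic"
# in the last line is an assumption used for illustration.
SAMPLE = [
    "Date=2017-05-25 Time=16:04:40 log_id=0103021 log_type=Firewall log_component=Local_ACLs log_subtype=Denied in_dev=Port1 out_dev= dest_mac=ff:ff:ff:ff:ff:ff source_ip=192.0.2.10 dest_ip=192.0.2.255 l4_protocol=UDP source_port=54915 dest_port=54915 fw_rule_id=0",
    "Date=2017-05-25 Time=16:04:41 log_id=0103021 log_type=Firewall log_component=Local_ACLs log_subtype=Denied in_dev=Port1 out_dev= dest_mac=ff:ff:ff:ff:ff:ff source_ip=192.0.2.10 dest_ip=192.0.2.255 l4_protocol=UDP source_port=54915 dest_port=54915 fw_rule_id=0",
    "2017-05-25 16:04:41 0103021 IP 192.0.2.10.54915 > 192.0.2.255.54915 : proto UDP: packet len: 271 checksum : 53818",
    "Date=2017-05-25 Time=16:05:02 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied in_dev=Port2 out_dev= dest_mac=00:00:5e:00:53:01 source_ip=198.51.100.7 dest_ip=192.0.2.10 l4_protocol=TCP source_port=443 dest_port=50122 fw_rule_id=0",
]

def parse(line):
    """Turn one drop-log line into a dict; return None for header or hex-dump lines."""
    fields = dict(PAIR.findall(line))
    return fields if "log_component" in fields else None

def is_background(rec):
    """Broadcast frames dropped by the local ACL are not forwarded download traffic."""
    return rec.get("log_component") == "Local_ACLs" and rec.get("dest_mac") == BROADCAST_MAC

def touches_web(rec, client_ip):
    """True if the dropped packet is TCP between the client and a web port."""
    if rec.get("l4_protocol") != "TCP":
        return False
    if client_ip not in (rec.get("source_ip"), rec.get("dest_ip")):
        return False
    return bool({rec.get("source_port"), rec.get("dest_port")} & WEB_PORTS)

def triage(lines, client_ip):
    """Return (drops per component/subtype, background count, web-related drops)."""
    records = [r for r in map(parse, lines) if r]
    summary = Counter((r["log_component"], r.get("log_subtype", "")) for r in records)
    noise = sum(is_background(r) for r in records)
    suspects = [r for r in records if not is_background(r) and touches_web(r, client_ip)]
    return summary, noise, suspects

if __name__ == "__main__":
    summary, noise, suspects = triage(SAMPLE, "192.0.2.10")
    print(dict(summary), "background drops:", noise)
    print("drops worth a closer look:", [(s["Time"], s["log_component"]) for s in suspects])
```

Run it over a capture taken while a download is stalling; if every drop lands in the background count, the capture does not explain the delay.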

  • FormerMember
    0 FormerMember in reply to sachingurung

    Yes, HTTP and HTTPS scanning is enabled; here is the configuration of the Firewall and the Web Protection

  • FormerMember
    0 FormerMember in reply to FormerMember

    Here are the screenshots!

    Thank you for your help!

  • Scanning a 1535 MB file is huge; it will definitely take a lot of time, which can cause delays during the download. Please change this value to 30 MB.

    Alongside, define single scan in the Scan Engine selection and configure the Malware Scan Mode as Real Time. This scanning mode scans files in Real Time while they pass through the UTM. Whereas, batch scanning mode caches the files as they come in and then examines them for viruses once they are fully cached. Hence, in the case of bulky files, there is a delay in the scanning because XG waits for the whole file to be downloaded and then starts scanning.

    Hope that helps.