Delayed starting downloads

FormerMember

Since I use an XG Firewall, my downloads are starting with a delay of 10 up to 15 min.

After ~50% the download fails/interrupts.

I use a Sophos XG Home with a 4-core Intel i5 and 6 GB of RAM.

I also tried web caching and reducing the max. file scan size, but nothing changed after that.

Thank you for your help!



  • Hi Meghan,

    Check #1 in my troubleshooting guide and tell us if you discover any drops in the drop-packet-capture when you start a download.

    Cheers-

  • FormerMember
    0 FormerMember in reply to sachingurung

    Yes, there is a lot of output, but I don't know what it means.

    Output:

     

    2017-05-25 16:04:40 0103021 IP xxx.xxx.xxx.xxx.xxxxx > xxx.xxx.xxx.xxx.xxxxx : proto UDP: packet len: 271 checksum : 52067
    Date=2017-05-25 Time=16:04:40 log_id=0103021 log_type=Firewall log_component=Local_ACLs log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port1 out_dev= inzone_id=1 outzone_id=4 source_mac=xx:xx:xx:xx:xx:xx dest_mac=ff:ff:ff:ff:ff:ff l3_protocol=IP source_ip=xxx.xxx.xxx.xxx dest_ip=xxx.xxx.xxx.xxx l4_protocol=UDP source_port=xxxxx dest_port=xxxxx fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=1675671648 masterid=0 status=256 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

    2017-05-25 16:04:41 0103021 IP xxx.xxx.xxx.xxx.xxxxx > xxx.xxx.xxx.xxx.xxxxx : proto UDP: packet len: 271 checksum : 53818
    Date=2017-05-25 Time=16:04:41 log_id=0103021 log_type=Firewall log_component=Local_ACLs log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port1 out_dev= inzone_id=1 outzone_id=4 source_mac=xx:xx:xx:xx:xx:xx dest_mac=ff:ff:ff:ff:ff:ff l3_protocol=IP source_ip=xxx.xxx.xxx.xxx dest_ip=xxx.xxx.xxx.xxx l4_protocol=UDP source_port=xxxxx dest_port=xxxxx fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=1675671648 masterid=0 status=256 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

     

    I can't post all the output, because it's too much text.

    I hope it will help!

  • Those are default drops due to local_acl. They are caused by the absence of a fw-rule. I don't think that is the issue. Do you have Malware scanning: HTTP & HTTPS defined in the firewall rule? Show us a picture of the configuration in Web | Protection | Malware Scanning.

    Cheers-
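
The reading of the drop-packet-capture output given in the reply above, as an added example that is not part of any post in this thread. The sample records are constructed from the field layout shown in the thread (documentation-range addresses, fields trimmed), `PLACEHOLDER_COMPONENT` is a made-up stand-in for any component other than `Local_ACLs`, and the function names are hypothetical.

```python
import re
from collections import Counter

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"      # Ethernet broadcast, as in the posted records
FIELD = re.compile(r"(\w+)=(\S*)")       # \S* keeps empty values such as "out_dev="

def parse_record(line):
    """Turn one key=value drop record into a dict; empty values stay ''."""
    return dict(FIELD.findall(line))

def classify(rec):
    """Label a drop record using only fields visible in the thread's output."""
    if rec.get("log_subtype") != "Denied":
        return "not-a-drop"
    local = rec.get("log_component") == "Local_ACLs"
    no_rule = rec.get("fw_rule_id") == "0"
    broadcast = rec.get("dest_mac", "").lower() == BROADCAST_MAC
    if local and no_rule and broadcast:
        return "local-acl-broadcast"     # sent to the whole segment, not a forwarded download
    if local and no_rule:
        return "local-acl-default"       # aimed at the appliance itself, no rule matched
    return "review"                      # anything else deserves a closer look

def triage(lines):
    """Count labels and return the records that are not default local-ACL drops."""
    recs = [parse_record(l) for l in lines if "log_component=" in l]
    counts = Counter(classify(r) for r in recs)
    return counts, [r for r in recs if classify(r) == "review"]

# Constructed sample input: one packet header line plus three trimmed records.
SAMPLE = [
    "2017-05-25 16:04:40 0103021 IP 192.0.2.10.50000 > 192.0.2.255.50000 : proto UDP: packet len: 271",
    "Date=2017-05-25 Time=16:04:40 log_id=0103021 log_component=Local_ACLs log_subtype=Denied "
    "in_dev=Port1 out_dev= dest_mac=ff:ff:ff:ff:ff:ff l4_protocol=UDP fw_rule_id=0",
    "Date=2017-05-25 Time=16:04:41 log_id=0103021 log_component=Local_ACLs log_subtype=Denied "
    "in_dev=Port1 out_dev= dest_mac=ff:ff:ff:ff:ff:ff l4_protocol=UDP fw_rule_id=0",
    "Date=2017-05-25 Time=16:04:42 log_component=PLACEHOLDER_COMPONENT log_subtype=Denied "
    "in_dev=Port1 out_dev=Port2 dest_mac=00:00:5e:00:53:01 l4_protocol=TCP fw_rule_id=3",
]

if __name__ == "__main__":
    counts, review = triage(SAMPLE)
    print(dict(counts))
    for rec in review:
        print("review:", rec["in_dev"], "->", rec["out_dev"], rec["l4_protocol"])
```

Records labelled `local-acl-broadcast` match what the reply calls default drops; only the `review` set is worth correlating with the time a download stalls.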

  • FormerMember
    0 FormerMember in reply to sachingurung

    Yes, HTTP and HTTPS scanning is enabled; here is the configuration of the firewall and the Web Protection.

  • FormerMember
    0 FormerMember in reply to FormerMember

    Here are the screenshots!

    Thank you for your help!

  • Scanning a 1535 MB file is huge; it will definitely take a lot of time, which can cause delays during the download. Please change this value to 30 MB.

    Alongside, define single scan in the Scan Engine selection and configure the Malware Scan Mode as Real Time. This scanning mode scans files in Real Time while they pass through the UTM. Whereas, batch scanning mode caches the files as they come in and then examines them for viruses once they are fully cached. Hence, in the case of bulky files, there is a delay in the scanning because XG waits for the whole file to be downloaded and then starts scanning.

    Hope that helps.

  • FormerMember
    0 FormerMember in reply to sachingurung

    Hi,

    As I described in the question, decreasing the maximum file scan size does not change anything.

    Switching to single engine isn't working either.

    But why does the download fail/interrupt after 50%?

    Regards

  • Hi

     

    Could you conduct a few tests from your XG console?

    console> system diagnostics utilities ping count 100 size 1000 interface Port<A/B/C/D> 8.8.8.8

    Next, you may check if there are any errors while downloading the file.

    console> system diagnostics utilities bandwidth-monitor 

    After running the command, press 'u' twice to toggle the reading based on E/s.

    Let us know the results and post if possible.

  • FormerMember
    0 FormerMember in reply to Aditya Patel

    Good evening,

     

    here are the results:

     

    PING 8.8.8.8 (8.8.8.8): 1000 data bytes

    --- 8.8.8.8 ping statistics ---
    100 packets transmitted, 0 packets received, 100% packet loss
    console> system diagnostics utilities ping count 100 size 1000 interface Port2 8.8.8.8
    PING 8.8.8.8 (8.8.8.8): 1000 data bytes
    1008 bytes from 8.8.8.8: seq=0 ttl=59 time=32.735 ms
    1008 bytes from 8.8.8.8: seq=1 ttl=59 time=41.675 ms
    1008 bytes from 8.8.8.8: seq=2 ttl=59 time=30.032 ms
    1008 bytes from 8.8.8.8: seq=3 ttl=59 time=40.892 ms
    1008 bytes from 8.8.8.8: seq=4 ttl=59 time=28.603 ms
    1008 bytes from 8.8.8.8: seq=5 ttl=59 time=38.861 ms
    1008 bytes from 8.8.8.8: seq=6 ttl=59 time=28.613 ms
    1008 bytes from 8.8.8.8: seq=7 ttl=59 time=28.563 ms
    1008 bytes from 8.8.8.8: seq=8 ttl=59 time=38.840 ms
    1008 bytes from 8.8.8.8: seq=9 ttl=59 time=45.632 ms
    1008 bytes from 8.8.8.8: seq=10 ttl=59 time=28.266 ms
    1008 bytes from 8.8.8.8: seq=11 ttl=59 time=37.258 ms
    1008 bytes from 8.8.8.8: seq=12 ttl=59 time=44.924 ms
    1008 bytes from 8.8.8.8: seq=13 ttl=59 time=28.734 ms
    1008 bytes from 8.8.8.8: seq=14 ttl=59 time=30.906 ms
    1008 bytes from 8.8.8.8: seq=15 ttl=59 time=41.953 ms
    1008 bytes from 8.8.8.8: seq=16 ttl=59 time=30.946 ms
    1008 bytes from 8.8.8.8: seq=17 ttl=59 time=39.438 ms
    1008 bytes from 8.8.8.8: seq=18 ttl=59 time=28.750 ms
    1008 bytes from 8.8.8.8: seq=19 ttl=59 time=37.118 ms
    1008 bytes from 8.8.8.8: seq=20 ttl=59 time=29.054 ms
    1008 bytes from 8.8.8.8: seq=21 ttl=59 time=37.252 ms
    1008 bytes from 8.8.8.8: seq=22 ttl=59 time=45.151 ms
    1008 bytes from 8.8.8.8: seq=23 ttl=59 time=29.082 ms
    1008 bytes from 8.8.8.8: seq=24 ttl=59 time=35.314 ms
    1008 bytes from 8.8.8.8: seq=25 ttl=59 time=44.039 ms
    1008 bytes from 8.8.8.8: seq=26 ttl=59 time=32.619 ms
    1008 bytes from 8.8.8.8: seq=27 ttl=59 time=41.760 ms
    1008 bytes from 8.8.8.8: seq=28 ttl=59 time=27.999 ms
    1008 bytes from 8.8.8.8: seq=29 ttl=59 time=32.675 ms
    1008 bytes from 8.8.8.8: seq=30 ttl=59 time=42.182 ms
    1008 bytes from 8.8.8.8: seq=31 ttl=59 time=28.442 ms
    1008 bytes from 8.8.8.8: seq=32 ttl=59 time=27.997 ms
    1008 bytes from 8.8.8.8: seq=33 ttl=59 time=28.937 ms
    1008 bytes from 8.8.8.8: seq=34 ttl=59 time=30.084 ms
    1008 bytes from 8.8.8.8: seq=35 ttl=59 time=41.846 ms
    1008 bytes from 8.8.8.8: seq=36 ttl=59 time=27.846 ms
    1008 bytes from 8.8.8.8: seq=37 ttl=59 time=29.366 ms
    1008 bytes from 8.8.8.8: seq=38 ttl=59 time=40.099 ms
    1008 bytes from 8.8.8.8: seq=39 ttl=59 time=28.136 ms
    1008 bytes from 8.8.8.8: seq=40 ttl=59 time=29.044 ms
    1008 bytes from 8.8.8.8: seq=41 ttl=59 time=38.797 ms
    1008 bytes from 8.8.8.8: seq=42 ttl=59 time=28.114 ms
    1008 bytes from 8.8.8.8: seq=43 ttl=59 time=27.690 ms
    1008 bytes from 8.8.8.8: seq=44 ttl=59 time=38.705 ms
    1008 bytes from 8.8.8.8: seq=45 ttl=59 time=46.057 ms
    1008 bytes from 8.8.8.8: seq=46 ttl=59 time=29.455 ms
    1008 bytes from 8.8.8.8: seq=47 ttl=59 time=37.016 ms
    1008 bytes from 8.8.8.8: seq=48 ttl=59 time=43.690 ms
    1008 bytes from 8.8.8.8: seq=49 ttl=59 time=33.802 ms
    1008 bytes from 8.8.8.8: seq=50 ttl=59 time=41.495 ms
    1008 bytes from 8.8.8.8: seq=51 ttl=59 time=29.809 ms
    1008 bytes from 8.8.8.8: seq=52 ttl=59 time=30.826 ms
    1008 bytes from 8.8.8.8: seq=53 ttl=59 time=41.362 ms
    1008 bytes from 8.8.8.8: seq=54 ttl=59 time=29.359 ms
    1008 bytes from 8.8.8.8: seq=55 ttl=59 time=29.678 ms
    1008 bytes from 8.8.8.8: seq=56 ttl=59 time=39.289 ms
    1008 bytes from 8.8.8.8: seq=57 ttl=59 time=28.026 ms
    1008 bytes from 8.8.8.8: seq=58 ttl=59 time=28.877 ms
    1008 bytes from 8.8.8.8: seq=59 ttl=59 time=38.124 ms
    1008 bytes from 8.8.8.8: seq=60 ttl=59 time=30.268 ms
    1008 bytes from 8.8.8.8: seq=61 ttl=59 time=28.754 ms
    1008 bytes from 8.8.8.8: seq=62 ttl=59 time=37.077 ms
    1008 bytes from 8.8.8.8: seq=63 ttl=59 time=47.286 ms
    1008 bytes from 8.8.8.8: seq=64 ttl=59 time=29.287 ms
    1008 bytes from 8.8.8.8: seq=65 ttl=59 time=36.388 ms
    1008 bytes from 8.8.8.8: seq=66 ttl=59 time=45.580 ms
    1008 bytes from 8.8.8.8: seq=67 ttl=59 time=29.627 ms
    1008 bytes from 8.8.8.8: seq=68 ttl=59 time=33.118 ms
    1008 bytes from 8.8.8.8: seq=69 ttl=59 time=42.725 ms
    1008 bytes from 8.8.8.8: seq=70 ttl=59 time=29.350 ms
    1008 bytes from 8.8.8.8: seq=71 ttl=59 time=29.321 ms
    1008 bytes from 8.8.8.8: seq=72 ttl=59 time=37.151 ms
    1008 bytes from 8.8.8.8: seq=73 ttl=59 time=45.732 ms
    1008 bytes from 8.8.8.8: seq=74 ttl=59 time=28.311 ms
    1008 bytes from 8.8.8.8: seq=75 ttl=59 time=35.019 ms
    1008 bytes from 8.8.8.8: seq=76 ttl=59 time=44.909 ms
    1008 bytes from 8.8.8.8: seq=77 ttl=59 time=27.977 ms
    1008 bytes from 8.8.8.8: seq=78 ttl=59 time=33.159 ms
    1008 bytes from 8.8.8.8: seq=79 ttl=59 time=43.470 ms
    1008 bytes from 8.8.8.8: seq=80 ttl=59 time=27.455 ms
    1008 bytes from 8.8.8.8: seq=81 ttl=59 time=30.709 ms
    1008 bytes from 8.8.8.8: seq=82 ttl=59 time=28.097 ms
    1008 bytes from 8.8.8.8: seq=83 ttl=59 time=28.405 ms
    1008 bytes from 8.8.8.8: seq=84 ttl=59 time=34.130 ms
    1008 bytes from 8.8.8.8: seq=85 ttl=59 time=44.652 ms
    1008 bytes from 8.8.8.8: seq=86 ttl=59 time=30.695 ms
    1008 bytes from 8.8.8.8: seq=87 ttl=59 time=33.103 ms
    1008 bytes from 8.8.8.8: seq=88 ttl=59 time=43.572 ms
    1008 bytes from 8.8.8.8: seq=89 ttl=59 time=31.651 ms
    1008 bytes from 8.8.8.8: seq=90 ttl=59 time=41.732 ms
    1008 bytes from 8.8.8.8: seq=91 ttl=59 time=29.277 ms
    1008 bytes from 8.8.8.8: seq=92 ttl=59 time=28.226 ms
    1008 bytes from 8.8.8.8: seq=93 ttl=59 time=38.222 ms
    1008 bytes from 8.8.8.8: seq=94 ttl=59 time=41.156 ms
    1008 bytes from 8.8.8.8: seq=95 ttl=59 time=28.476 ms
    1008 bytes from 8.8.8.8: seq=96 ttl=59 time=35.964 ms
    1008 bytes from 8.8.8.8: seq=97 ttl=59 time=44.701 ms
    1008 bytes from 8.8.8.8: seq=98 ttl=59 time=28.758 ms
    1008 bytes from 8.8.8.8: seq=99 ttl=59 time=28.476 ms

    --- 8.8.8.8 ping statistics ---
    100 packets transmitted, 100 packets received, 0% packet loss
    round-trip min/avg/max = 27.455/34.638/47.286 ms

    --------------------------------------------------------------------------------------------------------------

     

    system diagnostics utilities bandwidth-monitor

     

     Bandwidth Monitor, (Sampling at every 0.500s), press 'h' for help

      |         iface                   Rx                   Tx                Total
      ==============================================================================
                Port1:            0.00 E/s             0.00 E/s             0.00 E/s
              GuestAP:            0.00 E/s             0.00 E/s             0.00 E/s
                   lo:            0.00 E/s             0.00 E/s             0.00 E/s
               ipsec0:            0.00 E/s             0.00 E/s             0.00 E/s
                Port2:            0.00 E/s             0.00 E/s             0.00 E/s
                 imq0:            0.00 E/s             0.00 E/s             0.00 E/s
      ------------------------------------------------------------------------------
                total:            0.00 E/s             0.00 E/s             0.00 E/s

     

    (This page hasn't changed, but the download interrupted/failed at ~25%)

    --------------------------------------------------------------------------------------------------------------------------------------------------------------

     

     

    Regards

  • FormerMember
    0 FormerMember in reply to FormerMember

    Here are the results, I hope it will help!

    Regards

  • FormerMember
    +2 FormerMember in reply to FormerMember

    Good evening,

     

    I have now switched to real-time scanning in Web > Protection > Malware Scan mode.

    Now my problem with delayed and interrupted downloads is fixed, but when I now try to download the EICAR test file, it won't be downloaded; I only see a white page and NO "Virus found" message/alert.

    How can I fix this problem?

  • Hi Meghan,

    I would request you to write a new thread to start a conversation on this question, as we have an unwritten rule on the forum which states: one question per thread. This makes the question more transparent and helps other members to achieve specific solutions.

    You can DM me the link to the new thread, I will be happy to help [:)]

    Thank You,
