Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 11 replies
  • Subscribers 2 subscribers
  • Views 11878 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

When downloading large files: Session exceeded configured max bytes to queue

eclipse79oldacct
Hello, 
I have a strange issue. When I download large files, my browser consider it as completed before it downloads the whole file. For example, the file was 2.8gb, firefox considers successfully downloaded at 700mb. The same after few minutes at 1.2gb.

It seems that there is a correlation between the described isse and some entries in log IPS log file: 


2012:07:03-10:36:25 MYFIREWALL snort[7480]: S5: Session exceeded configured max bytes to queue 1048576 using 1049776 bytes (client queue). MY_PUBLIC_IP 32771 --> 95.101.34.58 80 : LWstate 0x9 LWFlags 0x6007

2012:07:03-11:37:55 MYFIREWALL snort[7480]: S5: Session exceeded configured max bytes to queue 1048576 using 1049380 bytes (client queue). MY_PUBLIC_IP 33045 --> 129.35.224.105 80 : LWstate 0x9 LWFlags 0x6007


The same file is fuccessfully downloaded from a non-proxied and non protected (with ips) interface. 

Any ideas?

bye
eclipse79


This thread was automatically locked due to age.
Parents
  • 0
    jpwjpw, I don't think the two threads are related.  This is about buffer size, and it may be related to your issue about downloading large files.Notice that there is no sid mentioned in the log lines in Post #1.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    jpwjpw, I don't think the two threads are related.  This is about buffer size, and it may be related to your issue about downloading large files.Notice that there is no sid mentioned in the log lines in Post #1.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • 0 in reply to BAlfson
    Hello,

    we have a ASG220 with Firmware 8.310 running.
    If we download big files > 500mb(isos, zip, etc.) the download stop always.
    What rule we have do disable at the IPS?

    Here a log from the last failed download (Ubuntu 12.04 iso):
    2013:11:04-10:48:38 mail snort[7573]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="EXPLOIT Adobe FLV long string script data buffer overflow" group="340" srcip="130

    Regards,

    Thomas
Cookie Information Banner