Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 16 replies
  • Subscribers 1 subscriber
  • Views 6891 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ftp proxy limiting download speed

wrallen
Even if i have the antivirus scanning turned off the speed with which i can use ftp is limited to around 320 KB/s per connection.  For example, if I'm just downloading one file it max's out at 320 KBs/s.  If I download two files simultaneously I can get the same speed for both (~320 KB/s).  If i turn the ftp proxy off and add a packet filter rule i can download at my connection's full speed.  What's the FTP proxy doing that limits downloading speed?


This thread was automatically locked due to age.
Parents
  • 0
    What are your throughputs if you do single-scan anti-virus?  If you turn off AV?

    If turning off AV fixes the speed issue, then you can put in an exception to forego AV scanning for the host or add it to the Transparent mode skiplist.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Those are the speeds with AV turned off.  I was wondering what it's doing that limits the speed per connection even with AV turned off.
  • 0 in reply to wrallen
    I'd be interested to know if there's any slowdown when you are doing single- or double-scan with A-V.

    What happens if you put the server into the transparent mode skiplist?  Do you achieve the same result ans turning off the FTP proxy?
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    What happens if you put the server into the transparent mode skiplist? Do you achieve the same result ans turning off the FTP proxy?
      same results
Reply Children
  • 0 in reply to wrallen
    Well, that's a relief, but now I'm left with the same question you started with: What can it possibly be spending its time on if AV is turned off?

    If you have support, this would seem like an anomaly that Astaro would be interested in knowing about.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Try turning off the IPS, or adding an exclusion, to test if that is limiting the speeds.

    What CPU are you using?

    Barry
  • 0 in reply to BarryG
    Try turning off the IPS, or adding an exclusion, to test if that is limiting the speeds.

    What CPU are you using?

    Barry


    turning off IPS doesn't work,  3.2 GHz P4, 2 gigs of memory.  

    the only thing that seems to work is turning off the ftp proxy or adding the host to the ftp proxy skiplist.

    the http/s proxy only takes off around 100 KB/s.  the ftp proxy knocks off about 400 KB/s.
  • 0 in reply to wrallen
    Trouble with a capital "T"
    And that rhymes with "B" and that stands for bug!*

    Cheers - Bob
    * Sorry, but that line from "The Music Man" just seemed apropos.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    There shouldn't be any difference whether you turn on single or double scan. A file gets downloaded completely to the asg, then scanned and then gets streamed to the client. If your file is larger than max scanning size (assuming your server understands the SIZE command), it will be streamed directly to the client without scanning.
  • 0 in reply to frickler
    But, frickler, if the virus-scan is off, why does the throughput get reduced from over 700kb/s to 320kbs?  Why should the proxy be so inefficient?
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Where did you get the information 320kbs? Is it the actual download-speed or is it an average (size divided by time)? If your proxy does virus scanning a download takes longer, because the proxy first downloads the file completely before sending it out to the client.
  • 0 in reply to frickler
    Please read the first page of this thread.  Wrallen did a great job of testing and documenting his problem.  He disabled virus scanning in the ftp proxy and experienced what I repeated above.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Here is the file that i was testing with.  They have a enough bandwidth so that I can use all of mine.

    ftp://ftp.uwsg.indiana.edu/linux/mandrake/official/iso/2009.0/mandriva-linux-free-2009-dvd-x86_64.iso

    Anyone mind testing this also?  It's too big for virus scanning so that doesn't matter.   Start downloading it to see what speeds you can get with the ftp proxy on and off.  You need to add ftp to the packet filter rules so that it will download with the proxy turned off.  Just cancel the download after you determine your speeds.  

    I'm hoping it's not just me.  Though I feel kinda mean saying that lol.
  • 0 in reply to wrallen
    I'm sorry, i currently have no other idea of the cause.