Technical Tip: Why FTP slows down when antivirus is enabled
Description
This article explains why FTP sessions slow down when they pass through a FortiGate firewall with an Antivirus profile enabled in the policy.
Scope
FortiGate.
Solution
This is considered normal behavior. The software will appear very slow, but this does not mean the FTP session is hanging. It is necessary to wait for the file to be downloaded to the FortiGate.
Here are the steps during an FTP download with antivirus enabled:
1. The file is first downloaded in its entirety to the FortiGate (up to 10 MB by default, configurable in the AV profile).
2. The file is scanned for viruses on the FortiGate.
3. The file is transferred to the FTP client on the PC.
So the PC only 'sees' the FTP packets arriving at step 3.
If the FTP server is slow, the file is big, or the internet connection is slow, it may take some time for the FortiGate to complete step 1.
To prevent the FTP session from timing out, the FortiGate sends keepalives to the PC.
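A simplified timing model of the three steps above, added here as an illustration and not taken from Fortinet. The link rates, scan rate, keepalive interval and client idle timeout are constructed sample values, and the model covers only files within the 10 MB limit.

```python
# Simplified timing model of buffered (download, scan, forward) FTP inspection.
# All rates, intervals and timeouts passed in are constructed sample values.
import math

BUFFER_LIMIT_MB = 10  # default limit quoted in the article


def buffered_download(file_mb, server_mbps, scan_mbps, client_mbps,
                      keepalive_s, client_idle_timeout_s):
    """Return what the FTP client observes for one file that fits the buffer."""
    if file_mb > BUFFER_LIMIT_MB:
        raise ValueError("model only covers files within the buffer limit")
    megabits = file_mb * 8
    fetch_s = megabits / server_mbps    # step 1: FTP server -> FortiGate
    scan_s = megabits / scan_mbps       # step 2: virus scan on the FortiGate
    deliver_s = megabits / client_mbps  # step 3: FortiGate -> FTP client
    silent_s = fetch_s + scan_s         # client receives no file data yet
    # Keepalives sent strictly before the first file byte reaches the client.
    keepalives = max(0, math.ceil(silent_s / keepalive_s) - 1)
    # Without buffering, data flows at once, paced by the slowest link.
    streamed_s = megabits / min(server_mbps, client_mbps)
    return {
        "first_file_byte_s": silent_s,
        "total_s": silent_s + deliver_s,
        "streamed_total_s": streamed_s,
        "keepalives_sent": keepalives,
        "timeout_without_keepalives": silent_s > client_idle_timeout_s,
    }


if __name__ == "__main__":
    # Constructed case: 10 MB file, slow 2 Mbit/s server, fast LAN client.
    view = buffered_download(file_mb=10, server_mbps=2, scan_mbps=80,
                             client_mbps=100, keepalive_s=10,
                             client_idle_timeout_s=30)
    for key, value in view.items():
        print(f"{key}: {value}")
```

In this constructed case the client sees no file data for 41 seconds, which is longer than its 30-second idle timeout, so the session survives only because of the keepalives.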
Note: It is recommended to use Flow mode for better performance.