ftp download

Question asked by Contributor, November 4, 2008 (12 replies, 10229 views)
I download files from an FTP site. If I enable virus scanning under the protection profile, I can't download files. What's the problem?


    abelio
    SuperUser
    November 8, 2008
    Error messages? Maybe the buffering process for AV analysis is taking too much time; try the comfort client settings and reduce the buffering size.
    Contributor
    November 9, 2008
    What are "comfort client settings" and "reduce buffering size"?
    abelio
    SuperUser
    November 9, 2008
    What are "comfort client settings" and "reduce buffering size"?
    You can configure that within ProtectionProfile->AntiVirus settings. Details and full info are in http://docs.forticare.com/fgt/techdocs/FortiGate_Administration_Guide_01-30007-0203-20080930.pdf and http://kc.forticare.com/default.asp?id=2066
    Contributor
    November 10, 2008
    I set the antivirus FTP comfort_interval=20, comfort_amount=512, but I can't download; on my FTP client, "502 Command REST not allowed by policy" comes out.
    lmuir
    New Member
    November 10, 2008
    With your settings you have enabled 512 bytes to be passed to the client every 20 seconds until AV has finished. I suggest you change this to something a little more usable. REST is to resume, well, to start at a specified part of the file. You cannot resume/thread a file if AV scanning is used on FTP; most clients will just start again from the beginning. Cheers, Lachlan.
    Contributor
    November 10, 2008
    Thanks all. I don't understand, Lachlan; what is the meaning of changing this to something a little more usable?
    lmuir
    New Member
    November 11, 2008
    Depending on your FGT model and load, you can take it up to interval 1, amount 10240; both values are the maximum allowed. This means the FGT will send 10240 bytes of the file to the client every 1 second, until the file has been scanned. Setting it to its max can cause extra load on the FGT, so if you're strapped for resources as it is, knock it down a notch. First try lowering the amount before the interval; most clients don't care how little is coming through, as long as it's regular. Cheers, Lachlan.
    Contributor
    November 11, 2008
    I set comfort client on antivirus, but I can't download anything. Is antivirus scanning for FTP not functioning on my FGT-60?
    lmuir
    New Member
    November 11, 2008
    Only guessing here, but that might be true; I think those units have a small amount of RAM, which may significantly limit the amount of AV scanning. What firmware are you running? Also, can you post the policy and profile config in question? Cheers.
    Contributor
    November 11, 2008
    The firmware is FortiOS 3.00 MR6 patch 3. The firewall policy and profile are as follows:

    edit 35
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "Ftpuser_group"
        set dstaddr "Ftpadd_group"
        set action accept
        set schedule "all time"
        set service "ANY"
        set profile-status enable
        set logtraffic enable
        set profile "full_scan"
        set nat enable
    next

    edit "full_scan"
        set ftpcomfortinterval 20
        set ftpcomfortamount 512
        set log-ips enable
        set log-im enable
        set log-p2p enable
        set log-voip enable
        set log-spam enable
        set log-av-virus enable
        set log-av-block enable
        set log-av-oversize enable
        set log-web-content enable
        set log-web-filter-activex enable
        set log-web-filter-cookie enable
        set log-web-filter-applet enable
        set log-web-url enable
        set log-web-ftgd-err enable
        set ftp clientcomfort scan splice
        unset http
        unset https
        set imap spamfssubmit
        set pop3 spamemailbwl spamfsip spamfschksum spamfssubmit spamfsurl
        set smtp spamfsip spamfschksum spamfssubmit spamfsurl splice
        set pop3-spamtagtype subject
        set imap-spamtagtype subject
        set spamemaddrtable 1
        set nntp no-content-summary
        set ips-sensor-status enable
        set ips-sensor "protect_client"
        unset im
        set comment ""
        set msn enable-inspect
        set p2p enable
        set ftgd-wf-disable all
    next
    lmuir
    New Member
    November 11, 2008
    Hrmmm, looks OK to me, except ftpcomfortinterval and ftpcomfortamount, which your FTP client mightn't like. What logs are generated on the FGT when you attempt to download a file over FTP?
    Contributor
    November 12, 2008
    What logs are you referring to?
    lmuir
    New Member
    November 12, 2008
    If you don't have a FAZ, it might be harder. Event and AV logs might help. Do you syslog to anywhere?
    Contributor
    November 12, 2008
    Yes, I syslog to a Linux system. How can I extract this from the syslog server?
    lmuir
    New Member
    November 13, 2008
    Umm, wherever you're logging to. Might be a file or a database.
    Contributor
    November 17, 2008
    From my syslog server, the log is as follows:

    Nov 10 09:21:18 bogon date=2008-11-10,time=09:20:53,devname=Fortigate-60,device_id=FGT-XXXXXXXXXXXX,log_id=0021010001,type=traffic,subtype=allowed,pri=notice,vd=root,SN=2596761,duration=130,user=N/A,group=N/A,rule=35,policyid=35,proto=6,service=1941/tcp,app_type=N/A,status=accept,src=192.168.8.100,srcname=192.168.8.100,dst=207.25.253.40,dstname=207.25.253.40,src_int="internal",dst_int="wan1",sent=208,rcvd=3142,sent_pkt=5,rcvd_pkt=5,src_port=1198,dst_port=1941,vpn=N/A,tran_ip=XXXXXXXXXX,tran_port=52798,dir_disp=org,tran_disp=snat,
    Nov 10 09:21:41 bogon date=2008-11-10,time=09:21:20,devname=Fortigate-60,device_id=FGT-XXXXXXXXXXXX,log_id=0021010001,type=traffic,subtype=allowed,pri=notice,vd=root,SN=2597142,duration=130,user=N/A,group=N/A,rule=35,policyid=35,proto=6,service=25908/tcp,app_type=N/A,status=accept,src=192.168.8.100,srcname=192.168.8.100,dst=207.25.253.40,dstname=207.25.253.40,src_int="internal",dst_int="wan1",sent=208,rcvd=992,sent_pkt=5,rcvd_pkt=4,src_port=1206,dst_port=25908,vpn=N/A,tran_ip=XXXXXXXXXXX,tran_port=52965,dir_disp=org,tran_disp=snat,
    Nov 10 09:21:42 bogon date=2008-11-10,time=09:21:24,devname=Fortigate-60,device_id=FGT-XXXXXXXXXXXX,log_id=0021010001,type=traffic,subtype=allowed,pri=notice,vd=root,SN=2597203,duration=130,user=N/A,group=N/A,rule=35,policyid=35,proto=6,service=3343/tcp,app_type=N/A,status=accept,src=192.168.8.100,srcname=192.168.8.100,dst=207.25.253.40,dstname=207.25.253.40,src_int="internal",dst_int="wan1",sent=168,rcvd=474,sent_pkt=4,rcvd_pkt=4,src_port=1207,dst_port=3343,vpn=N/A,tran_ip=XXXXXXXXXX,tran_port=52993,dir_disp=org,tran_disp=snat,

    Any problem?
    rwpatterson
    New Member
    November 17, 2008
    Why are the three destination ports non-standard? Are the services set up in the helper as FTP services?
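    The traffic records posted above are FortiGate key=value syslog lines, and the last reply asks why none of the three sessions go to a standard FTP port. The following is an added example, not code from the thread or from Fortinet: a small parser for that record format plus two checks a practitioner would run over a syslog file, one that buckets TCP sessions by destination port (21, 20, or anything else) and one that flags sessions that stayed open for a long time while delivering very few bytes, which is the shape a data connection takes when only comfort bytes trickle through. The sample lines are constructed: the first three reuse the ports, byte counts and durations from the posted records but substitute RFC 5737 documentation addresses and a zeroed device_id for the masked values; the fourth, a port-21 control session, is invented so the classifier has a standard-port session to compare against.

```python
import re
from typing import Dict, List

# Constructed sample records modelled on the FortiGate-60 traffic logs posted in
# the thread. Addresses are documentation ranges and device_id is zeroed; these
# are placeholders, not data from a live device.
_TEMPLATE = (
    "Nov 10 {ts} bogon date=2008-11-10,time={ts},devname=Fortigate-60,"
    "device_id=FGT-000000000000,log_id=0021010001,type=traffic,subtype=allowed,"
    "pri=notice,vd=root,SN={sn},duration={duration},user=N/A,group=N/A,rule=35,"
    "policyid=35,proto=6,service={port}/tcp,app_type=N/A,status=accept,"
    "src=192.168.8.100,srcname=192.168.8.100,dst=203.0.113.40,dstname=203.0.113.40,"
    'src_int="internal",dst_int="wan1",sent={sent},rcvd={rcvd},sent_pkt=5,rcvd_pkt=5,'
    "src_port={sport},dst_port={port},vpn=N/A,tran_ip=198.51.100.1,"
    "tran_port={tport},dir_disp=org,tran_disp=snat,"
)


def _sample(ts: str, sn: int, duration: int, port: int,
            sent: int, rcvd: int, sport: int, tport: int) -> str:
    """Build one constructed syslog line from the template above."""
    return _TEMPLATE.format(ts=ts, sn=sn, duration=duration, port=port,
                            sent=sent, rcvd=rcvd, sport=sport, tport=tport)


SAMPLE_SYSLOG: List[str] = [
    # Ports, durations and byte counts taken from the three posted records.
    _sample("09:20:53", 2596761, 130, 1941, 208, 3142, 1198, 52798),
    _sample("09:21:20", 2597142, 130, 25908, 208, 992, 1206, 52965),
    _sample("09:21:24", 2597203, 130, 3343, 168, 474, 1207, 52993),
    # Invented port-21 control session, short-lived, for comparison.
    _sample("09:22:01", 2597300, 4, 21, 600, 1800, 1210, 53010),
]

# key=value pairs separated by commas; quoted values may not contain quotes.
_KV_RE = re.compile(r'(\w+)=("[^"]*"|[^,]*)')

FTP_CONTROL_PORT = 21
FTP_ACTIVE_DATA_PORT = 20


def parse_traffic_log(line: str) -> Dict[str, str]:
    """Parse one FortiGate key=value traffic record into a dict.

    The syslog transport prefix ("Nov 10 09:21:18 bogon ") is discarded; the
    FortiGate record proper starts at the first 'date=' field. Surrounding
    quotes on values such as src_int="internal" are stripped.
    """
    start = line.find("date=")
    if start < 0:
        raise ValueError("not a FortiGate key=value record: %r" % line[:40])
    return {key: value.strip('"') for key, value in _KV_RE.findall(line[start:])}


def ftp_port_summary(lines: List[str]) -> Dict[str, List[int]]:
    """Bucket TCP sessions by destination port: FTP control (21), active-mode
    data (20), or a high port (what passive-mode data connections use)."""
    summary: Dict[str, List[int]] = {"control": [], "active_data": [], "high_port": []}
    for line in lines:
        rec = parse_traffic_log(line)
        if rec.get("proto") != "6":  # TCP only
            continue
        port = int(rec["dst_port"])
        if port == FTP_CONTROL_PORT:
            summary["control"].append(port)
        elif port == FTP_ACTIVE_DATA_PORT:
            summary["active_data"].append(port)
        else:
            summary["high_port"].append(port)
    return summary


def stalled_sessions(lines: List[str], min_duration: int = 120,
                     max_rcvd: int = 4096) -> List[int]:
    """Destination ports of TCP sessions open for at least min_duration seconds
    that delivered at most max_rcvd bytes to the client. Thresholds are
    illustrative defaults, not values from the thread."""
    hits: List[int] = []
    for line in lines:
        rec = parse_traffic_log(line)
        if rec.get("proto") != "6":
            continue
        if int(rec["duration"]) >= min_duration and int(rec["rcvd"]) <= max_rcvd:
            hits.append(int(rec["dst_port"]))
    return hits


if __name__ == "__main__":
    print("ports by class:", ftp_port_summary(SAMPLE_SYSLOG))
    print("long-lived, low-volume sessions:", stalled_sessions(SAMPLE_SYSLOG))
```

    Run against a real syslog file, read it line by line, skip lines where parse_traffic_log raises, and feed the rest to the two functions. Sessions that only ever show up in the high_port bucket, and that sit in the stalled list for the length of a download attempt, are the ones to line up against the FGT's AV and event logs for the same timestamps.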