Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Holiday badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- Comfort Client setting
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Not applicable
Created on 09-05-2006 12:06 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Comfort Client setting
We are on the lastest OS with the Fortigate 300-A. We are using the AntiVirus feature and we are experiencing the following on downloads:
When downloading IT related files… most of them are 10MB to 40MB... we are having to wait 7+minutes (clicked the download at 11:07 and at 11:14 still nothing) with the hourglass/arrow waiting for the save option to appear on a 21MB file that normally would have downloaded in less than a couple of minutes. Ones that were 100K had the save dialog pop up in seconds but any that I’ve tried that are greater than 10 MB pause way too long and act like the aren’t doing anything…
How can this be aleviated without totally abandoning antivirus for file downloads and ftp??? I enabled comfort client, but it doesn' t seem to help at all.
Thank you.
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
11 REPLIES 11
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Lower the max size scanned. Start with going all the way to 1MB and test there, then raise it as needed until you hit the performance point that is acceptable.
FCSE > FCNSP 2.8 > FCNSP 3.0
(Former) FCT
FCSE > FCNSP 2.8 > FCNSP 3.0 (Former) FCT
Not applicable
Created on 09-05-2006 12:24 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I realize I could probably do that, but then we may be making ourselves more susceptible... obviously my main concern is performance, but I thought that was the whole purpose of the Comfort Client Setting... to make it appear as if it is coming down with no problems.
In real world settings... does this functionality even work??? Why include it if it doesn' t help do anything.
Thank you.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Client comforting is not a function of speed, but rather gives the client bits of the download to keep it from giving up and/or starting over.
FCSE > FCNSP 2.8 > FCNSP 3.0
(Former) FCT
FCSE > FCNSP 2.8 > FCNSP 3.0 (Former) FCT
Not applicable
Created on 09-05-2006 12:49 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So it is not designed to cause the client to show the download progress as the fortigate gets it? I had thought that as fortigate downloaded the file it somehow fooled the client in to showing its progress bar so the user does not believe he is hung up.
This is what the help says:
Enable or disable client comforting for HTTP and FTP traffic. Client comforting provides a visual status for files that are being buffered for downloads using HTTP and FTP. Users can observe web pages being drawn or file downloads progressing. If disabled, users have no indication the FortiGate unit is buffering the download and they may cancel the transfer thinking it has failed. Interval The time in seconds before client comforting starts after the download has begun. It is also the time between subsequent intervals. Amount The number of bytes sent at each interval.The bold section really leads you to believe it is suppose to do what I thought it was. I must be misunderstanding what it means there.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ORIGINAL: gsaunders So it is not designed to cause the client to show the download progress as the fortigate gets it? I had thought that as fortigate downloaded the file it somehow fooled the client in to showing its progress bar so the user does not believe he is hung up.It does show some progress so the user sees his transfer is in progress, but it does not play any trickery with the user' s progress indicator. Client comforting simply sends a very small amount of the file to the user to show the transfer is working, as the FortiGate unit buffers the file at the maximum possible speed. The default client comforting settings send one byte to the user every ten seconds. This will continue until the FortiGate unit receives the entire file, scans it, and pronounces it virus-free. Only then does the user receive the file at full speed... You can increase the amount sent, and the sending interval. The danger is the virus will be at the beginning of the file and that portion of the download ill be delivered to the user because the FortiGate realises it' s infected and aborts the transmission.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
how can the " Comfort Client" be enabled and configured?
player.
rock the boat , dont sink the ship
player. rock the boat , dont sink the ship
Not applicable
Created on 09-06-2006 05:56 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Well it is found in the Firewall / Protection Profile. You then edit the needed profile, go to the anti-virus section, and then check the Comfort Clients... but I believe this is on OS 3.x and higher.
But I still need clarification myself on my last post. Anyone from Fortinet hear?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You are correct, gsaunders. It will also give the actual user a slow, but at least progressing, progress bar. This is still not a performance feature in any way other than preventing some re-requesting.
Your best bet is still to look at the size of files you are scanning. This isn' t much of a security issue today as almost all malicious virus traffic is passed in very small files. One day this could change as the internet gets faster and faster, but the more bloat in the malicious software then the better chance it will affect performance on the machines as well and be discovered/eliminated.
FCSE > FCNSP 2.8 > FCNSP 3.0
(Former) FCT
FCSE > FCNSP 2.8 > FCNSP 3.0 (Former) FCT
Not applicable
Created on 09-06-2006 07:34 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fireshield,
What do you recommend for a setting? What do you use?
Is the maximum size to scan setting in the same location as the Comfort Client Setting? I see the following in the Anti-Virus section: Oversized File / Email = Pass or Block and then I see Threshold which I had changed to 5 MB.
You are correct, gsaunders. It will also give the actual user a slow, but at least progressing, progress bar. This is still not a performance feature in any way other than preventing some re-requesting.Even with the Comfort Setting we see no change at all... no progress bar for 7 or 8 minutes and then we get the whole thing. I wonder if this Comfort Client Setting even works, because if we could give the user a indication that something is happening that would be fine, but since we sit their for 5 to 10 minutes then we don' t know what is going on. Anyway, I' ll probably just lower the file size limit.
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Labels
-
FortiGate
8,704 -
FortiClient
1,763 -
5.2
801 -
FortiManager
729 -
5.4
639 -
FortiAnalyzer
558 -
FortiSwitch
475 -
FortiAP
473 -
FortiClient EMS
432 -
6.0
416 -
5.6
362 -
FortiMail
318 -
6.2
251 -
SSL-VPN
245 -
FortiAuthenticator v5.5
234 -
IPsec
210 -
FortiWeb
205 -
5.0
196 -
FortiNAC
190 -
FortiGuard
139 -
6.4
128 -
SD-WAN
115 -
FortiAuthenticator
103 -
FortiGateCloud
102 -
FortiSIEM
99 -
FortiCloud Products
97 -
FortiToken
92 -
Firewall policy
82 -
Customer Service
79 -
Wireless Controller
79 -
4.0MR3
64 -
FortiProxy
60 -
High Availability
56 -
FortiADC
54 -
Fortivoice
53 -
FortiEDR
52 -
vlan
51 -
ZTNA
49 -
Routing
46 -
FortiExtender
45 -
FortiSandbox
44 -
DNS
43 -
FortiDNS
42 -
LDAP
41 -
BGP
40 -
Authentication
38 -
FortiGate v5.4
35 -
SAML
35 -
NAT
35 -
Certificate
35 -
FortiSwitch v6.4
34 -
RADIUS
34 -
SSO
33 -
Interface
31 -
VDOM
30 -
FortiConnect
29 -
FortiLink
29 -
FortiWAN
27 -
Web profile
27 -
Application control
26 -
FortiConverter
25 -
Logging
25 -
FortiGate v5.2
24 -
Virtual IP
24 -
SSL SSH inspection
23 -
FortiPAM
22 -
Fortigate Cloud
20 -
FortiSwitch v6.2
19 -
FortiPortal
19 -
FortiMonitor
18 -
Traffic shaping
17 -
WAN optimization
16 -
FortiDDoS
15 -
OSPF
15 -
SSID
15 -
Automation
15 -
FortiGate v5.0
14 -
FortiSOAR
14 -
Static route
14 -
System settings
14 -
Web application firewall profile
14 -
IP address management - IPAM
14 -
FortiGate-VM
13 -
SNMP
13 -
FortiCASB
12 -
Admin
12 -
FortiManager v5.0
11 -
FortiRecorder
11 -
Security profile
11 -
FortiManager v4.0
10 -
FortiBridge
10 -
IPS signature
10 -
FortiAP profile
10 -
Proxy policy
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
Traffic shaping policy
9 -
Intrusion prevention
9 -
FortiDeceptor
8 -
RMA Information and Announcements
8 -
Port policy
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
DNS filter
7 -
Antivirus profile
7 -
Fabric connector
7 -
FortiToken Cloud
6 -
Explicit proxy
6 -
trunk
6 -
Packet capture
6 -
Traffic shaping profile
6 -
Web rating
6 -
Fortinet Engage Partner Program
6 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
API
4 -
Internet service database
4 -
Application signature
4 -
Authentication rule and scheme
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
Cloud Management Security
4 -
FortiDB
3 -
FortiHypervisor
3 -
FortiNDR
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Protocol option
3 -
TACACS
3 -
SDN connector
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Schedule
2 -
Multicast policy
2 -
Zone
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1 -
Vulnerability Management
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1713 | |
| 1093 | |
| 752 | |
| 447 | |
| 231 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.