- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDDoS
- FortiDAST
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiGate Cloud
- FortiExtender
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecorder
- FortiRecon
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- FortiWebCloud
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Comfort Client setting
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Not applicable
Created on 09-05-2006 12:06 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Comfort Client setting
We are on the lastest OS with the Fortigate 300-A. We are using the AntiVirus feature and we are experiencing the following on downloads:
When downloading IT related files… most of them are 10MB to 40MB... we are having to wait 7+minutes (clicked the download at 11:07 and at 11:14 still nothing) with the hourglass/arrow waiting for the save option to appear on a 21MB file that normally would have downloaded in less than a couple of minutes. Ones that were 100K had the save dialog pop up in seconds but any that I’ve tried that are greater than 10 MB pause way too long and act like the aren’t doing anything…
How can this be aleviated without totally abandoning antivirus for file downloads and ftp??? I enabled comfort client, but it doesn' t seem to help at all.
Thank you.
11 REPLIES 11
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Lower the max size scanned. Start with going all the way to 1MB and test there, then raise it as needed until you hit the performance point that is acceptable.
FCSE > FCNSP 2.8 > FCNSP 3.0
(Former) FCT
FCSE > FCNSP 2.8 > FCNSP 3.0 (Former) FCT
Not applicable
Created on 09-05-2006 12:24 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I realize I could probably do that, but then we may be making ourselves more susceptible... obviously my main concern is performance, but I thought that was the whole purpose of the Comfort Client Setting... to make it appear as if it is coming down with no problems.
In real world settings... does this functionality even work??? Why include it if it doesn' t help do anything.
Thank you.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Client comforting is not a function of speed, but rather gives the client bits of the download to keep it from giving up and/or starting over.
FCSE > FCNSP 2.8 > FCNSP 3.0
(Former) FCT
FCSE > FCNSP 2.8 > FCNSP 3.0 (Former) FCT
Not applicable
Created on 09-05-2006 12:49 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So it is not designed to cause the client to show the download progress as the fortigate gets it? I had thought that as fortigate downloaded the file it somehow fooled the client in to showing its progress bar so the user does not believe he is hung up.
This is what the help says:
Enable or disable client comforting for HTTP and FTP traffic. Client comforting provides a visual status for files that are being buffered for downloads using HTTP and FTP. Users can observe web pages being drawn or file downloads progressing. If disabled, users have no indication the FortiGate unit is buffering the download and they may cancel the transfer thinking it has failed. Interval The time in seconds before client comforting starts after the download has begun. It is also the time between subsequent intervals. Amount The number of bytes sent at each interval.The bold section really leads you to believe it is suppose to do what I thought it was. I must be misunderstanding what it means there.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ORIGINAL: gsaunders So it is not designed to cause the client to show the download progress as the fortigate gets it? I had thought that as fortigate downloaded the file it somehow fooled the client in to showing its progress bar so the user does not believe he is hung up.It does show some progress so the user sees his transfer is in progress, but it does not play any trickery with the user' s progress indicator. Client comforting simply sends a very small amount of the file to the user to show the transfer is working, as the FortiGate unit buffers the file at the maximum possible speed. The default client comforting settings send one byte to the user every ten seconds. This will continue until the FortiGate unit receives the entire file, scans it, and pronounces it virus-free. Only then does the user receive the file at full speed... You can increase the amount sent, and the sending interval. The danger is the virus will be at the beginning of the file and that portion of the download ill be delivered to the user because the FortiGate realises it' s infected and aborts the transmission.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
how can the " Comfort Client" be enabled and configured?
player.
rock the boat , dont sink the ship
player. rock the boat , dont sink the ship
Not applicable
Created on 09-06-2006 05:56 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Well it is found in the Firewall / Protection Profile. You then edit the needed profile, go to the anti-virus section, and then check the Comfort Clients... but I believe this is on OS 3.x and higher.
But I still need clarification myself on my last post. Anyone from Fortinet hear?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You are correct, gsaunders. It will also give the actual user a slow, but at least progressing, progress bar. This is still not a performance feature in any way other than preventing some re-requesting.
Your best bet is still to look at the size of files you are scanning. This isn' t much of a security issue today as almost all malicious virus traffic is passed in very small files. One day this could change as the internet gets faster and faster, but the more bloat in the malicious software then the better chance it will affect performance on the machines as well and be discovered/eliminated.
FCSE > FCNSP 2.8 > FCNSP 3.0
(Former) FCT
FCSE > FCNSP 2.8 > FCNSP 3.0 (Former) FCT
Not applicable
Created on 09-06-2006 07:34 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fireshield,
What do you recommend for a setting? What do you use?
Is the maximum size to scan setting in the same location as the Comfort Client Setting? I see the following in the Anti-Virus section: Oversized File / Email = Pass or Block and then I see Threshold which I had changed to 5 MB.
You are correct, gsaunders. It will also give the actual user a slow, but at least progressing, progress bar. This is still not a performance feature in any way other than preventing some re-requesting.Even with the Comfort Setting we see no change at all... no progress bar for 7 or 8 minutes and then we get the whole thing. I wonder if this Comfort Client Setting even works, because if we could give the user a indication that something is happening that would be fine, but since we sit their for 5 to 10 minutes then we don' t know what is going on. Anyway, I' ll probably just lower the file size limit.
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- How do I avoid using default... 129 Views
- Fortinetclient SSL VPN Unable to use... 327 Views
- Fortigate using proxy to update fortigurad... 252 Views
- Client Reaches Malicious Web Page Directing... 211 Views
- VPN L2TP on Fortigate 60F behind... 262 Views
Labels
-
FortiGate
7,153 -
FortiClient
1,411 -
5.2
801 -
5.4
639 -
FortiManager
619 -
FortiAnalyzer
456 -
6.0
416 -
FortiAP
374 -
FortiSwitch
372 -
5.6
362 -
FortiClient EMS
291 -
FortiMail
281 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
175 -
FortiNAC
128 -
6.4
128 -
FortiGuard
115 -
IPsec
107 -
SSL-VPN
103 -
FortiGateCloud
97 -
FortiSIEM
93 -
FortiCloud Products
89 -
FortiToken
76 -
Customer Service
71 -
Wireless Controller
65 -
4.0MR3
64 -
FortiProxy
49 -
SD-WAN
48 -
FortiADC
45 -
FortiEDR
44 -
Fortivoice
44 -
FortiDNS
39 -
FortiExtender
35 -
FortiGate v5.4
35 -
FortiAuthenticator
35 -
FortiSandbox
34 -
Firewall policy
33 -
FortiSwitch v6.4
32 -
VLAN
31 -
High Availability
31 -
DNS
24 -
FortiWAN
24 -
FortiConnect
24 -
ZTNA
23 -
BGP
21 -
FortiConverter
21 -
Certificate
20 -
SAML
19 -
FortiGate v5.2
19 -
FortiPortal
18 -
LDAP
18 -
Interface
18 -
FortiSwitch v6.2
17 -
Routing
17 -
VDOM
17 -
FortiMonitor
15 -
Authentication
15 -
FortiGate v5.0
14 -
FortiLink
14 -
Fortigate Cloud
14 -
FortiDDoS
14 -
Logging
14 -
NAT
13 -
RADIUS
12 -
FortiCASB
12 -
Web profile
11 -
Traffic shaping
10 -
Virtual IP
10 -
SSO
10 -
SSL SSH inspection
10 -
FortiRecorder
10 -
Application control
10 -
SSID
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
WAN optimization
9 -
4.0MR2
9 -
IP address management - IPAM
8 -
FortiBridge
8 -
FortiGate v4.0 MR3
8 -
OSPF
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
SNMP
7 -
4.0
7 -
Admin
7 -
Web application firewall profile
7 -
Static route
6 -
Security profile
6 -
Proxy policy
6 -
Traffic shaping policy
6 -
FortiAP profile
6 -
Automation
6 -
IPS signature
5 -
Packet capture
5 -
DNS Filter
5 -
FortiCache
5 -
FortiManager v4.0
5 -
trunk
5 -
FortiDeceptor
4 -
FortiDirector
4 -
Web rating
4 -
Intrusion prevention
4 -
Port policy
4 -
Antivirus profile
4 -
FortiPAM
4 -
FortiCarrier
4 -
FortiTester
4 -
3.6
4 -
DLP sensor
4 -
FortiScan
4 -
Fabric connector
3 -
NAC policy
3 -
Multicast routing
3 -
System settings
3 -
FortiToken Cloud
3 -
Traffic shaping profile
3 -
Fortinet Engage Partner Program
3 -
DLP Dictionary
3 -
DLP profile
3 -
FortiDB
3 -
DoS policy
3 -
Email filter profile
3 -
FortiInsight
2 -
Netflow
2 -
Users
2 -
Protocol option
2 -
FortiAI
2 -
Application signature
2 -
FortiHypervisor
2 -
VoIP profile
2 -
Internet Service Database
2 -
Explicit proxy
2 -
4.0MR1
1 -
Multicast policy
1 -
Zone
1 -
FortiCWP
1 -
Kerberos
1 -
Subscription Renewal Policy
1 -
FortiNDR
1 -
TACACS
1 -
Replacement messages
1 -
Schedule
1 -
SDN connector
1 -
FortiManager-VM
1 -
Authentication rule and scheme
1 -
Service
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1061 | |
| 887 | |
| 527 | |
| 441 | |
| 151 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.