The main difference is speed and dedicated network processors on the "single" ports. The 8 switch ports run at 10/100 only. As mentioned elsewhere on this forum, the switch more closely behaves like a hub, i.e. all traffic is seen on all switch ports.

Thank you for the detailed reply. That is exactly what I needed to know. I added an "internal2" using port 14, and set that all up using the same protection profiles as what I use for my "internal" interface, to test a theory of mine. What I hoped would happen once I got the internal network to use a dedicated port with a dedicated processor is that my problems with 4.0 MR2 would go away. This is not the case. I still have timeout issues with downloads / failed downloads / loss of internet for seconds at a time, etc. I have an open ticket but the techs do not seem to be making headway, or at least they are taking a long time to research it after the initial back and forth, so maybe that is a good sign... The issue is not related directly to processing power, I guess. There is some issue with the UTM features, and I think it is within AV specifically, that causes 90% of my downloads from any/every site and FTP server to fail part way through. I also see a lot of "IE cannot display the webpage". The thing is, I only lose connection for fractions of seconds, or a few seconds at most, and then everything is fine again. As you might imagine, this plays havoc with downloads and critical internet access, like banking, etc. Anyway, thanks for the info; at least I can rule out the switch interface as the problem.
Some wild guesses: what you see might be the latency caused by the AV proxies. For instance, the FG must assemble a complete email attachment before scanning it; fragmented viruses would not match signatures. This causes the mail to be sucked in immediately, then the scanning takes some time (seconds or fractions of) and then the mail is delivered in one move. This staccato can sometimes be observed well with web browsing. The screws for tuning this behaviour are the maximum scan size settings in the protection profiles. If you use v4, they still exist in a different menu. There you can specify the largest piece of data that will be AV scanned, for each service (HTTP, IMAP, POP3, SMTP, FTP) that is proxied. If the data chunk is bigger it gets passed through unscanned. To experiment, see to it that you disable content scanning altogether. If that cures your outages, put it back in and fine tune it. You haven't told us much about the network load your FG sees, or the amount of content scanning, CPU and memory load. But I guess performance is not the issue. Not with a FG200B.

I was hoping tech support would figure it out before I posted here for ideas, but I guess it's been long enough, so I will give the community a whack at my problem.

Symptoms: HTTP downloads from various sites not going to completion, from at least 10 different sites and FTP servers. The amount that would download before failing varies each time. I tested using a 175 MB file from trials2.adobe.com. Sometimes I would get only 100 KB, sometimes 10 MB, sometimes 50 MB; the download in IE would say complete, but I would be missing >50% of the download. I tried this literally hundreds of times over the past 10 days, as have other users here. Never once finished a complete download on files bigger than a few MB. We do have internet access, the FTP server works, email works, antivirus/web/email filtering all work. It's just that downloads fail and I see a lot of "page not found" errors, which a simple refresh fixes, but it really is annoying.

Network layout: My network is very simple. I have attached a diagram. CPU load seems to be around 10% to 20% most all of the time. Memory usage is around 22% most of the time. I do UTM AV scanning on most everything coming into/out of the network, web filtering, IPS filtering, email filtering, NO VOIP, NO VPN.

Troubleshooting: I have tried using client comforting at various levels, including OFF. I have set the oversize file threshold to 10 MB, then 5 MB, then 3 MB, with a PASS. 3 MB was really as low as I wanted to go, but as of today, I have set each protocol to 2 MB to see what happens. I have done HUNDREDS of test/real downloads from many places, with different client PCs, different browsers, different times of day, different OSes, various file sizes, some HTTPS, some HTTP, etc., etc.... The simple fact is: when UTM is checked "on" for a given firewall policy, the files are corrupt and fail to download. As soon as this is turned "off" it works, every single time. Any expert help would be appreciated. I don't see why my 60B could do >3 MB AV scanning, and my 200B cannot....
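The symptom described in the post above (the browser reports the download as complete while the file is short) can be measured from any client without guessing: compare the bytes actually received with the advertised Content-Length, and compare a hash of the received bytes with a known-good hash. The script below is an added example written for this page; it is not code from the thread or from Fortinet, and it does not model FortiGate internals. It starts a local HTTP server that advertises the full length but closes the connection part way (a constructed stand-in for a proxy that stalls and drops the session), then runs the same check against a healthy server and the truncating one. The payload, the port choice, and the names check_download, serve and demo are all assumptions made for the example.

```python
"""Client-side check for truncated HTTP downloads.

Added example (not from the thread or Fortinet). A local HTTP server stands in
for a proxy that advertises the full Content-Length but stops sending part way;
check_download() reports whether what arrived matches the declared length and a
known SHA-256. The payload, server and function names are constructed for this
example.
"""
import hashlib
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed 16 KiB payload standing in for the 175 MB trial download.
PAYLOAD = bytes(range(256)) * 64
PAYLOAD_SHA256 = hashlib.sha256(PAYLOAD).hexdigest()


class TruncatingHandler(BaseHTTPRequestHandler):
    """Sends the correct Content-Length header, then only the first
    `truncate_at` bytes of the body before the connection is closed
    (HTTP/1.0 handler, so the server closes after each response)."""

    truncate_at = None  # None = send the whole body

    def do_GET(self):
        body = PAYLOAD if self.truncate_at is None else PAYLOAD[: self.truncate_at]
        self.send_response(200)
        self.send_header("Content-Type", "application/octet-stream")
        self.send_header("Content-Length", str(len(PAYLOAD)))  # full length, on purpose
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the example quiet
        pass


def serve(truncate_at=None):
    """Start a background server on a free loopback port; returns the server."""
    handler = type("Handler", (TruncatingHandler,), {"truncate_at": truncate_at})
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def check_download(host, port, path, expected_sha256=None, timeout=5):
    """GET path and compare bytes received with Content-Length and, if given,
    with an expected SHA-256. A short read is reported, not raised."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    digest = hashlib.sha256()
    received = 0
    declared = None
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        header = resp.getheader("Content-Length")
        declared = int(header) if header is not None else None
        while True:
            try:
                chunk = resp.read(64 * 1024)
            except (http.client.IncompleteRead, ConnectionError) as exc:
                # Early close by server/proxy: keep whatever partial data arrived.
                chunk = getattr(exc, "partial", b"")
                if chunk:
                    received += len(chunk)
                    digest.update(chunk)
                break
            if not chunk:
                break  # EOF: either the end of the body or a premature close
            received += len(chunk)
            digest.update(chunk)
    finally:
        conn.close()
    return {
        "declared": declared,
        "received": received,
        # None when the server sent no Content-Length: length alone cannot tell.
        "complete": None if declared is None else received == declared,
        "sha256_ok": None if expected_sha256 is None
        else digest.hexdigest() == expected_sha256,
    }


def demo():
    """Run the check against a healthy server and a truncating one."""
    results = {}
    for name, cut in (("full", None), ("truncated", 4096)):
        srv = serve(cut)
        try:
            results[name] = check_download(
                "127.0.0.1", srv.server_address[1], "/file.bin", PAYLOAD_SHA256
            )
        finally:
            srv.shutdown()
            srv.server_close()
    return results


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Pointed at a real download through the firewall (host, port, path and a vendor-published hash), the function gives a yes/no answer per attempt instead of relying on what the browser reports. The hash check is the one that survives a proxy that rewrites or strips Content-Length; the length check alone then returns None. Keep in mind the trade-off the earlier reply states: with the oversize action set to PASS, anything above the threshold is passed through unscanned, so at a 2 MB limit a 175 MB download like the one tested is never scanned at all.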
Why don't you try a different browser?
I have done HUNDREDS of test/real downloads from many places, with different client PCs, different browsers

It sure helps if you can read... Back to the topic: I've seen this behaviour before, with HTTP traffic stalling for a couple of seconds. Meanwhile the browser times the session out. Until the Fortinet support comes back from vacation: google around to see if you can influence the browsers' timeout settings; prepare to change your FortiOS version (which is ...?) to see if it improves. Apparently not all users are experiencing this, so there might be a chance that you find a working build. Mine is 4.1.5 and I cannot say that I have as many timeouts as you have, but still some occur.
I've seen this behaviour before, with HTTP traffic stalling for a couple of seconds. Meanwhile the browser times the session out. Until the Fortinet support comes back from vacation: google around to see if you can influence the browsers' timeout settings; prepare to change your FortiOS version (which is ...?) to see if it improves. Apparently not all users are experiencing this, so there might be a chance that you find a working build. Mine is 4.1.5 and I cannot say that I have as many timeouts as you have, but still some occur.

I have v4.0, build0291, 100824 (MR2 Patch 2), which I think translates into 4.2.2. Tech support has no idea what is wrong with my unit and/or Patch 1 and 2. I guess I might have to downgrade to 4.1.7, which just came out I believe, but I would really rather get a workaround or hold out for Patch 3.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Copyright 2024 Fortinet, Inc. All Rights Reserved.