Solved

Watchguard: files cut off at 1 Mb!?

Posted on 2013-11-27
13
299 Views
Last Modified: 2013-12-11
Hi,

Weird phenomenon here (and not actually sure it's because of the firewall):

Some people on the outside need to download an XML file of several megabytes from our web server but the file is always cut off at exactly 1 Mb ...

Where could such a problem come from, firewall-wise?

Thanks a lot!
0
Comment
Question by:Xeronimo
  • 8
  • 5
13 Comments
 
LVL 9

Expert Comment

by:stu29
ID: 39681894
Does this happen when you are not behind the firewall?
0
 

Author Comment

by:Xeronimo
ID: 39683018
If we try to download it internally via the internal IP address of the server then it works and the file is not truncated at 1 MB.

But if we try to download it internally via the INTERNET host name then it fails as well and the file is truncated at 1 MB.

So the firewall really seems to be the cause ... ?
0
 
LVL 9

Expert Comment

by:stu29
ID: 39690064
Sounds like it could be.  How are your connections getting through to your webserver?  Are you NAT-ing them through ext IP to Int IP?  Or does your server carry and Internal and External IP on separate NIC's?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:Xeronimo
ID: 39690126
I'm using a NAT
0
 
LVL 9

Expert Comment

by:stu29
ID: 39692372
So it is not the server then as you connections are all hitting your internal IP.  So something in you firebox config is restricting the connections.

Connect from an External IP, and check your firewall logs for all connections from that IP address.  it will tell you what rules you are hitting and help you narrow it down.
0
 

Author Comment

by:Xeronimo
ID: 39698195
The problem is that I don't see any errors in the log regarding that IP ... it seems that the 1Mb limit is activated somewhere but I don't know where!?
0
 
LVL 9

Expert Comment

by:stu29
ID: 39698308
depending on the WG model ..

If it is a SOHO type Firewall you will have to access the debug logs (this is via the web gui .. cannot remember the exact switch .. think it may just be at the end of the logs page add /debug)

If it is a standard Firewall then using system manager you may have to enable logging of allowed connections also to catch it.
0
 

Author Comment

by:Xeronimo
ID: 39698323
I have enabled logging, it's a Watchguard XTM510.
0
 

Author Comment

by:Xeronimo
ID: 39698342
The problem also ONLY appears when we try to download an XML file that is generated by our web application using the external domain name ...

Random, multi-Mb XML files that we copy on that server for testing purposes get downloaded in their full size (even when downloaded via the external domain name)! Same for those generated files if we access the web app on its internal IP address.

I hope you get what I mean ...
0
 

Accepted Solution

by:
Xeronimo earned 0 total points
ID: 39700432
Hm, so I've created a new firewall policy just for this one server and I've used the default HTTP Proxy-Server settings and now it works ... I still don't know which option in the modified policy is cutting of generated XML files though!?
0
 
LVL 9

Assisted Solution

by:stu29
stu29 earned 500 total points
ID: 39700750
So you have narrowed it down .. this is good.  The only real way to track it down is to change the default policy settings one by one until you find it.  It is a pain I know .. but.

i currently don't have any WG equipment at this position so that level of detail i cannot help with (sorry).  I would start with the larger changes (adding weblocker policy etc) and then move on the Proxy rule itself.

Good luck
0
 

Author Comment

by:Xeronimo
ID: 39700761
Thanks, stu!
0
 

Author Closing Comment

by:Xeronimo
ID: 39710821
I accepted my own comment as part of the solution because it helped.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question