Solved

Watchguard: files cut off at 1 Mb!?

Posted on 2013-11-27
13
304 Views
Last Modified: 2013-12-11
Hi,

Weird phenomenon here (and not actually sure it's because of the firewall):

Some people on the outside need to download an XML file of several megabytes from our web server but the file is always cut off at exactly 1 Mb ...

Where could such a problem come from, firewall-wise?

Thanks a lot!
0
Comment
Question by:Xeronimo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 5
13 Comments
 
LVL 9

Expert Comment

by:stu29
ID: 39681894
Does this happen when you are not behind the firewall?
0
 

Author Comment

by:Xeronimo
ID: 39683018
If we try to download it internally via the internal IP address of the server then it works and the file is not truncated at 1 MB.

But if we try to download it internally via the INTERNET host name then it fails as well and the file is truncated at 1 MB.

So the firewall really seems to be the cause ... ?
0
 
LVL 9

Expert Comment

by:stu29
ID: 39690064
Sounds like it could be.  How are your connections getting through to your webserver?  Are you NAT-ing them through ext IP to Int IP?  Or does your server carry and Internal and External IP on separate NIC's?
0
Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

 

Author Comment

by:Xeronimo
ID: 39690126
I'm using a NAT
0
 
LVL 9

Expert Comment

by:stu29
ID: 39692372
So it is not the server then as you connections are all hitting your internal IP.  So something in you firebox config is restricting the connections.

Connect from an External IP, and check your firewall logs for all connections from that IP address.  it will tell you what rules you are hitting and help you narrow it down.
0
 

Author Comment

by:Xeronimo
ID: 39698195
The problem is that I don't see any errors in the log regarding that IP ... it seems that the 1Mb limit is activated somewhere but I don't know where!?
0
 
LVL 9

Expert Comment

by:stu29
ID: 39698308
depending on the WG model ..

If it is a SOHO type Firewall you will have to access the debug logs (this is via the web gui .. cannot remember the exact switch .. think it may just be at the end of the logs page add /debug)

If it is a standard Firewall then using system manager you may have to enable logging of allowed connections also to catch it.
0
 

Author Comment

by:Xeronimo
ID: 39698323
I have enabled logging, it's a Watchguard XTM510.
0
 

Author Comment

by:Xeronimo
ID: 39698342
The problem also ONLY appears when we try to download an XML file that is generated by our web application using the external domain name ...

Random, multi-Mb XML files that we copy on that server for testing purposes get downloaded in their full size (even when downloaded via the external domain name)! Same for those generated files if we access the web app on its internal IP address.

I hope you get what I mean ...
0
 

Accepted Solution

by:
Xeronimo earned 0 total points
ID: 39700432
Hm, so I've created a new firewall policy just for this one server and I've used the default HTTP Proxy-Server settings and now it works ... I still don't know which option in the modified policy is cutting of generated XML files though!?
0
 
LVL 9

Assisted Solution

by:stu29
stu29 earned 500 total points
ID: 39700750
So you have narrowed it down .. this is good.  The only real way to track it down is to change the default policy settings one by one until you find it.  It is a pain I know .. but.

i currently don't have any WG equipment at this position so that level of detail i cannot help with (sorry).  I would start with the larger changes (adding weblocker policy etc) and then move on the Proxy rule itself.

Good luck
0
 

Author Comment

by:Xeronimo
ID: 39700761
Thanks, stu!
0
 

Author Closing Comment

by:Xeronimo
ID: 39710821
I accepted my own comment as part of the solution because it helped.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question