Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

NSa 4700 (Gen 7 firewall) - Failed , Stalled & Incomplete Downloads (Intermittent)

Hello SonicWALL community,

My organization has just in installed a NSa 4700 (Gen 7 firewall) after configuration we have noticed one issue:

Some apps are having trouble reaching out for "automated" downloads (e.g. Microsoft teams installer, Autodesk installer) In addition a few IT Staff members have attempted to manually download applications from the VMware website and in this case the file will reach about 98% completion and fails then creates a corrupt or blank file. We also had a similar issue with Power BI but we have since located the target site and whitelisted it (Fixed). Installation of PowerShell Modules/Repository's hang as well. That being said; not all downloads do this. We believe this problem may have something to do with DPI-SSL. We have done differential testing on this issue by connecting to our guest Wi-Fi network which is on the same appliance but does not have DPI-SSL enabled for that zone. Looking at the logs we do not see any broken connections or anything glaring.

Thanks in advance!

Chris

Category: High End Firewalls
Reply
Tagged:

Answers

  • AjishlalAjishlal Community Legend ✭✭✭✭✭

    @csukosd

    You are right & I tested with some other downloads as well and noticed that DPI-SSL enabled clients cannot able to download any executable files and it's been blocking by DPI-SSL GAV.

    Tried to download Adobe reader from DPI-SSL enabled client and it got blocked.

    NB: Tested Unit NSa9250 - SonicOS Enhanced 6.5.4.7-83n.

    If anybody tested with the latest Firmware, please let me know the status. (Gen 6 & Gen 7)

  • csukosdcsukosd Newbie ✭
    edited April 2022

    @Ajishlal This is our current firmware version:

    As stated before without DPI-SSL enabled via our guest network we have no issues. As of yesterday GitHub has been brought up as a additional problem site. One of our Automation Engineers could not download two files manually via a web browser.


  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    Do you have Capture ATP enabled and set to wait for result before allowing download?

  • csukosdcsukosd Newbie ✭
    edited April 2022

    @TKWITS

    Captive ATP is enabled. Here is some additional configuration information.



  • AjishlalAjishlal Community Legend ✭✭✭✭✭

    @TKWITS @csukosd

    Dears for testing purpose I excluded the client from the Capture ATP but the result is same. Executable files are keep failing while downloading.

    From Client DPI-SSL configuration if we disable the GAV, download will work perfectly.

  • AjishlalAjishlal Community Legend ✭✭✭✭✭

    @Saravanan @shiprasahu93

    dears do you have any updates regarding the subjected issue ?

  • csukosdcsukosd Newbie ✭

    I appreciate the help everyone! Please keep me updated on a possible solution.

Sign In or Register to comment.