cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
2813
Views
0
Helpful
24
Replies
Highlighted
Beginner

ISA550W aborted and corrupted downloads

Hi,

we repeatedly see corrupted downloads (http downloads) since we installed the ISA550W, altough "normal" web browsing is working flawlessly. The behaviour we see is as follows:

  • After starting a download (in the Webbrowser), typically a small amount of data is downloaded (~ 0.5MB), then the download stalls (no further data exchange occurs). This happens most of the time when trying to download a somewhat larger file (say > 1MB), but not always.
  • When stopping a stalled download and resuming it, sometimes the download finishes - but almost every time the completed download is then corrupt (no matter if using IE or Firefox): the original download file content seems to get added to the end of the first downloaded chunk (before the resume started) - effectively increasing the total file size over the original/expected file size, and corrupting the download.
  • After a few retries (abort, restart the download completely, not resuming) typically the file gets downloaded correctly.

So basically downloading works somehow (not really stable, but after a few retries), but download resuming seems to be severly broken.

I run the latest firmware version (1.1.17) and I have enabled the full set of security services (AntiVirus, Network Reputation, AppControl, IPS, Web Reputation Filter - all with the default settings). When looking at the log files, i cannot find anything related to a specific download request - although I see a few AntiVirus related error messages, like: "msg=AV unkown error.;", "msg=AV Virus DB update failed;".

Is anybody else seeing this problem? Might this be a configuration issue or a firmware problem?

Thanks for any help on sorting this out!

24 REPLIES 24
Highlighted
Cisco Employee

HI,

Could you uncheck 'disable FTP resume' under Anti Virus->Advanced Setttings

to see if this helps ?

thanks

Wei

Highlighted

Hi Wei,

I tried that but it did not really (fully) help. I still get broken downloads - not sure if the broken resume function is fixed though. I will upgrade the firmware (as Jonathan suggested) and report again.

Regards!

Highlighted

Hi Erne,

In order to find out the root cause of your issue, i need to have your configuration, information about your WAN link bandwidth, the links that your try to download files from. You can sent private message to me. Otherwise, please open

a case with support team to get to the root of the issue.

thanks

Wei

Highlighted

Hi Wei,

I send you a private message with more information/questions. My WAN speed is 6MBit/DSL.

Regards,

     Holger

Highlighted

Hi Erne,

In case you need to open a case with Small Business Support Center, here's the link:

http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html

Regards,

Wei

Highlighted
Rising star

Hi H.Erne, thank you for using our forum, my name is Johnnatan I am part of the Small business Support community. I was wondering if you could create a backup of your configuration and install the current firmware again, after install the firmware perform a factory reset without any jack connection, when you complete this process reconnect the device and upload you previous configuration. You will see the current firmware download link bellow:

http://software.cisco.com/download/release.html?mdfid=283875260&softwareid=282728525&release=1.1.17

If the issue continues could you configure the devise manually just with the basic configuration? (Just for test the performance)

If the issue persist please check the MTU, (Recommended 1500)

I hope you find this answer useful

“Please rate useful posts so other users can benefit from it”

Greetings, 
Johnnatan Rodriguez Miranda.
Cisco Network Support Engineer.

“Please rate useful posts so other users can benefit from it” Greetings, Johnnatan Rodriguez Miranda. Cisco Network Support Engineer.
Highlighted

Hi Jonathan,

i followed your "clean firmware updated" procedure and now at least I don't get any more errors when trying to update the AV signatures. However now the device tells me the AV signatures are up to date, although they are a month old !!!

Here is what I see under Security Services --> Anti-Virus --> General:

Last Check:        2013-Apr-15, 18:00:01 GMT+0100 
Last Update:        2013-Mar-15, 09:11:11 GMT+0100
Version:                  201304142122
Virus Pattern Number:   680000

I will wait for a few more days to see if the aborted downloads issue also is resolved now.

Regards!

Highlighted

Hi Erne, I'm happy to have helped you, did the procedure work for your device? All is working well now?

“Please rate useful posts so other users can benefit from it”

Greetings, 
Johnnatan Rodriguez Miranda.
Cisco Network Support Engineer.

“Please rate useful posts so other users can benefit from it” Greetings, Johnnatan Rodriguez Miranda. Cisco Network Support Engineer.
Highlighted
Beginner
Beginner

Hi

I'd like to know also, I have to leave IPS disabled to get the speed I should. Antivirus and network reputation are enabled and have no effect on download speeds. If I Turn IPS on, I get slow slow downloads and some dropped connections, turn IPS off, and boom, fast downloads up to 7MBs in some instances, and no dropped connections. I'm leaving IPS disabled for now although IPS throughput was a main selling point for me buying this unit. I'm hoping a new firmware will solve these problems.

Highlighted
Cisco Employee

Hi John,

Do you have a ISA550 or ISA570 box ? Could you check the performance with IPS on, AV disabled ? You did mention that AV does not impact the performance much, please double check on this. Also, how bad is your IPS performance ?

ISA500 team is working on more performance improvement.

Regards,

Wei

Highlighted

Hi Wei

Thanks for replying. I have the ISA570. I believe I have worked out most of the problems I was having. When the router informed me that firmware version  1.2.15 was available. I updated the firmware immediately, did a factory reset. Reconfigured the router. with IPS on, AV on, Network Reputation on and Web Reputation filtering on. one other key change I made was doing this:(as mentioned above, It solved a content streaming problem) uncheck 'disable HTTP and FTP resume' under Anti Virus->Advanced Settings. I could then stream content on devices that would normally immediately drop the connection and fail. The unit now allows me to take full advantage of my 50Mbps ISP connection. Speed tests usually net about 56Mbps. Some downloads even a bit faster. I'm not saying everything is perfect, some streaming problems still exist etc., but it's much better now with all the security features that I want to use on. I Believe it was the combination of the new firmware, and the factory reset, and the unchecking of disable HTTP FTP Resume feature that got things working ok. Having windows server 2012 Essentials on the router doesn't help since I'm not a server expert. If I try to allow the server to do DHCP and DNS everything fails or is real slow so I dont allow that for now, but the server is providing DNS services to the network Domain and seems to be working just fine at the moment its the only way everything seems to work seamlessly together for now.

ThankYou,

John

Highlighted

I'm not sure, wether or not, I should use this thread because I have the same problem.

I have a isa550w, latest firmware 1.2.15 and did a factory reset after I red this thread.

I only have network reputation on and IPS on - all with the default factory settings.

On the WAN side it is connected to a ISP-router. The internet connection is 30mbit down and 10mbit up, ping 27 ms.

Working without the isa550w everything is FAST, as it can be. I cann download files directly or even with download managers( form the manufactures of the software I use) or can watch some streams on youtube or listen my songs on soundcloud.

With the ISA in between, it's slowlier but ok - the speedtest is still the same.

Accessing downloads or streaming sites it is broken. At the ISP-router there is a utilisation display- Accessing streams with the isa in between I never reach a min. of 2mbit.

Actually I have no clue how to go on. I planned to renew my older ASA5505, but actually it's more likely I dump the ISA.

Highlighted

I too am having this issue.  In my instance I'm using the download/install of Adobe Flash as my test.  Turning off IPS on the LAN Zone allowed me to download the installer, however making any adjustments mentioned above is not correcting the installers ability to download all the necessary files, past 17%, before failing.

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
Highlighted

HI Shawn,

Could you please open a TAC cases for the adobe flash download/install issue with IPS on ?

http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html

thanks

Wei