Cisco Cisco Web Security Appliance S170 사용자 가이드

If the connection between the FTP Proxy and the FTP server is slow, uploading a large file may take a 
long time, particularly when Cisco Data Security Filters are enabled. This can cause the FTP client to 
time out before the FTP Proxy uploads the entire file and you may get a failed transaction notice. The 
transaction does not fail, however, but continues in the background and will be completed by the FTP 
Proxy.

You can workaround this issue by increasing the appropriate idle timeout value on the FTP client.

FTP clients create a zero byte file on FTP servers when the FTP Proxy blocks an upload due to outbound 
anti-malware scanning.

Also see: 

For transparently redirected HTTPS requests, the Web Proxy must contact the destination server to 
determine the server name and therefore the URL category in which it belongs. Due to this, when the 
Web Proxy evaluates Routing Policy Group membership, it cannot yet know the URL category of an 
HTTPS request because it has not yet contacted the destination server. If the Web Proxy does not know 
the URL category, it cannot match the transparent HTTPS request to a Routing Policy that uses a URL 
category as membership criteria.

As a result, transparently redirected HTTPS transactions only match Routing Policies that do not define 
Routing Policy Group membership criteria by URL category. If all user-defined Routing Policies define 
their membership by URL category, transparent HTTPS transactions match the Default Routing Policy 
Group.