Cisco Cisco Web Security Appliance S170 사용자 가이드
A-6
AsyncOS 10.0 for Cisco Web Security Appliances User Guide
Appendix A Troubleshooting
Upload/Download Speed Issues
Large FTP Transfers Disconnect
If the connection between the FTP Proxy and the FTP server is slow, uploading a large file may take a long
time, particularly when Cisco Data Security Filters are enabled. This can cause the FTP client to time out
before the FTP Proxy uploads the entire file and you may get a failed transaction notice. The transaction
does not fail, however, but continues in the background and will be completed by the FTP Proxy.
time, particularly when Cisco Data Security Filters are enabled. This can cause the FTP client to time out
before the FTP Proxy uploads the entire file and you may get a failed transaction notice. The transaction
does not fail, however, but continues in the background and will be completed by the FTP Proxy.
You can workaround this issue by increasing the appropriate idle timeout value on the FTP client.
Zero Byte File Appears On FTP Servers After File Upload
FTP clients create a zero byte file on FTP servers when the FTP Proxy blocks an upload due to outbound
anti-malware scanning.
anti-malware scanning.
Chrome Browser Not Detected As User Agent in FTP-over-HTTP Requests
Chrome browsers do not include a user-agent string in FTP-over-HTTP requests; therefore, Chrome
cannot be detected as the user agent in those requests.
cannot be detected as the user agent in those requests.
Upload/Download Speed Issues
The WSA is designed to handle thousands of client and server connections in parallel, and the sizes of
the send and receive buffers are configured to deliver optimal performance, without sacrificing stability.
Generally, actual usage is browse traffic, consisting of numerous short-lived connections for which we
have receive-packet-steering (RPS) and receive-flow-steering (RFS) data, and for which the WSA has
been optimized.
the send and receive buffers are configured to deliver optimal performance, without sacrificing stability.
Generally, actual usage is browse traffic, consisting of numerous short-lived connections for which we
have receive-packet-steering (RPS) and receive-flow-steering (RFS) data, and for which the WSA has
been optimized.
However, at times you may experience a noticeable reduction in upload or download speeds; for
example, when transferring large files via proxy. To illustrate: assuming a 10-Mbps line, downloading a
100-MB file that passes through a WSA can be approximately seven to eight times slower than
downloading the file directly from its server.
example, when transferring large files via proxy. To illustrate: assuming a 10-Mbps line, downloading a
100-MB file that passes through a WSA can be approximately seven to eight times slower than
downloading the file directly from its server.
In non-typical environments that include a larger proportion of large-file transfers, you can use the
networktuning
command to increase send and receive buffer size to alleviate this issue, but doing so can
also cause network memory exhaustion and affect system stability. See
for details of the
networktuning
command.
Caution
Exercise care when changing the TCP receive and send buffer control points and other TCP buffer
parameters. Use the
parameters. Use the
networktuning
command only if you understand the ramifications.
Here are examples of using the
networktuning
command on two different appliances:
On an S380
networktuning
sendspace = 131072
recvspace = 131072
send-auto = 1 [Remember to disable miscellaneous > advancedproxy > send buf auto tuning]
recv-auto = 1 [Remember to disable miscellaneous > advancedproxy > recv buf auto tuning]
mbuf clusters = 98304 * (X/Y) where is X is RAM in GBs on the system and Y is 4GB.
sendbuf-max = 1048576
recvbuf-max = 1048576