- NG Firewall firmware versions 4.2.x, 5.0.x, 5.2.x
- netfence firmware versions 4.2.x
The Adobe Updater application has a very short configured timeout to get requested data. In order to scan the requested data for malicious code, the proxy service has to download the complete package before it can be delivered to the client. As the download time exceeds the timeout, the Adobe Updater application starts to request the package again.
So far, although not recommended from a security point of view, a workaround is to exclude adobe downloads from antivirus scanning. To do this, configure the "Config" > "Box" > "Virtual Servers" > "<Servername>" > "Assigned Services" > "<Servicename>" > "HTTP Proxy Settings" > "Content Inspection"> "Scan Exceptions" for example like this:
Since firmware release 4.2.7 Data Trickling is possible. Therefore the following options have to be configured:
"Config" > "Box" > "Virtual Servers" > "<Servername>" > "Assigned Services" > "<Servicename>" > "HTTP Proxy Settings" > "Content Inspection" > "Enable Trickle Feature" to "yes"
"Config" > "Box" > "Virtual Servers" > "<Servername>" > "Assigned Services" > "<Servicename>" > "HTTP Proxy Settings" > "Content Inspection" > "Advanced Trickle Settings" > "Enable Data Trickle Feature" to "yes"
Remind, that Data Trickling is not active below the configured "Trickle Size Low Watermark" ("Config" > "Box" > "Virtual Servers" > "<Servername>" > "Assigned Services" > "<Servicename>" > "HTTP Proxy Settings" > "Content Inspection" > "Trickle Size Low Watermark (MB)"). Adobe updates may be smaller than the default configuration of 50MB.