We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda NextGen Firewall X

Adobe updater clients consum complete download bandwith if update is triggered over phion HTTP proxy

  • Type: Knowledgebase
  • Date changed: 6 months ago
Solution 00005301 

 
Scope:
This solution replies to:
- NG Firewall firmware versions 4.2.x, 5.0.x, 5.2.x
- netfence firmware versions 4.2.x

 
Symptoms:
In coherence with virscan-service adobe-updater-clients consume the whole bandwidth of your internet connection, as soon as they try to initiate updates relayed through the proxy service.

 
Solution:

The Adobe Updater application has a very short configured timeout to get requested data. In order to scan the requested data for malicious code, the proxy service has to download the complete package before it can be delivered to the client. As the download time exceeds the timeout, the Adobe Updater application starts to request the package again.


So far, although not recommended from a security point of view, a workaround is to exclude adobe downloads from antivirus scanning. To do this, configure the "Config" > "Box" > "Virtual Servers" > "<Servername>" > "Assigned Services" > "<Servicename>" > "HTTP Proxy Settings" > "Content Inspection"> "Scan Exceptions" for example like this:


 








































Since firmware release 4.2.7 Data Trickling is possible. Therefore the following options have to be configured:
"Config" > "Box" > "Virtual Servers" > "<Servername>" > "Assigned Services" > "<Servicename>" > "HTTP Proxy Settings" > "Content Inspection" > "Enable Trickle Feature" to "yes"
"Config" > "Box" > "Virtual Servers" > "<Servername>" > "Assigned Services" > "<Servicename>" > "HTTP Proxy Settings" > "Content Inspection" > "Advanced Trickle Settings" > "Enable Data Trickle Feature" to "yes"

 



































Remind, that Data Trickling is not active below the configured "Trickle Size Low Watermark" ("Config" > "Box" > "Virtual Servers" > "<Servername>" > "Assigned Services" > "<Servicename>" > "HTTP Proxy Settings" > "Content Inspection" > "Trickle Size Low Watermark (MB)"). Adobe updates may be smaller than the default configuration of 50MB.



Link to This Page:
https://campus.barracuda.com/solution/50160000000IKbWAAW