- NG Firewall firmware versions 4.2.x, 5.0.x, 5.2.x
- netfence firmware versions 4.2.x
In the meantime, the proxy will forward a small early amount of data to initialize the download on the client browser, followed by tiny packets to keep the download alive. Once the AV scan has successfully completed, the file will be sent to the client browser, at which point the speed will increase.
Should the file be rejected by the scanner for whatever reason (such as containing a virus, or configuration settings of the AV service), the trickle download to the client browser will be stopped, while the client saves the small piece already received. The reason it was rejected can be found in the AV log on the netfence system.
Since the scan cannot begin before the download is completed (especially with archives, as they need to be extracted first), the pieces forwarded contain unscanned data. Due to security reasons the maximum size for that is limited.
The issue is solely subjective on the side of the user. They believe the initial slowness, and thus the estimated time left shown in the browser will not change, and possibly cancel the download before it is finished. Care has to be taken to inform them that this is not the case.
The actual download speed itself is not affected, and happens at the full speed the connection and traffic shaping rules allow.
Data Trickling is not possible with HTTPS-downloads over Secure Web Proxy.