Capture ATP does not inspect files or it takes too long

Description

This article describes the common troubleshooting steps to take when Capture ATP is not working as expected:

  • Capture ATP not sending files to the backend for scanning
  • Block Until Verdict is blocking all files and a verdict is never returning
  • Capture ATP Status page shows no files being sent to the backend during the last few days

Cause

Sometimes Capture ATP stops working due to:

  • Cache is full
  • Environmental issues
  • Packets being dropped on the ISP side

Resolution

  1. Make sure you're running the latest SonicOS release.
  2. Make sure Gateway Anti-Virus is enabled and that inspection for the required protocols is enabled inbound/outbound (depending on requirements for Capture ATP).
  3. Make sure Gateway Anti-Virus is enabled on the required zones.
  4. Enable DPI-SSL to be able to use Capture ATP on HTTPS connections (see the article "How to decrypt HTTPS Traffic using DPI-SSL?").
  5. Go to the diag page (browse to https://IPofyourSonicWall/diag.html) and set the following options:
    • Set UFTP retransmit buffer size to 10 Mbytes
    • Lower the UFTP MTU to 1024 bytes
    • Enable Pseudo-randomize source port for UFTP
    • Click Accept at the top of the page

  6. Clear the following caches on the diag page:
    • Reset Capture ATP Cache
    • Reset Cloud AV cache
    • Reset HTTP Clientless Notification Cache

After applying all the steps above, please restart your firewall (if you have an HA pair you will have to force a failover and then failback).

NOTE: The Block Until Verdict option only works with HTTP/S connections.

NOTE: Make sure that ports from 2259 to 2280 are not being blocked by any upstream device. Try to run a packet capture on System | Packet Monitor to see whether the firewall is correctly generating the packets (packets being displayed as Generated).
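To back up the packet capture check in the NOTE above, the following added example (not SonicWall code) summarizes a text capture and lists flows on ports 2259 to 2280 where the firewall sent packets but nothing came back. It assumes the capture was taken with `tcpdump -n` on a device between the firewall and the ISP; the sample lines, the IP addresses and the function names `summarize` and `one_way_flows` are constructed for illustration.

```python
import re
from collections import defaultdict

ATP_PORTS = range(2259, 2281)  # ports 2259-2280 named in the NOTE

# Constructed tcpdump -n text output; all addresses are documentation ranges.
SAMPLE_CAPTURE = """\
10:15:01.100000 IP 203.0.113.10.40001 > 198.51.100.20.2259: UDP, length 1000
10:15:01.180000 IP 198.51.100.20.2259 > 203.0.113.10.40001: UDP, length 64
10:15:02.100000 IP 203.0.113.10.40002 > 198.51.100.20.2260: UDP, length 1000
10:15:03.100000 IP 203.0.113.10.40002 > 198.51.100.20.2260: UDP, length 1000
10:15:04.000000 IP 203.0.113.10.51000 > 192.0.2.53.53: UDP, length 40
"""

LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)

def summarize(capture_text, firewall_ip):
    """Count packets per (remote_ip, port) sent by and returned to the firewall."""
    flows = defaultdict(lambda: {"sent": 0, "received": 0})
    for line in capture_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip non-IPv4 or malformed lines
        sport, dport = int(m["sport"]), int(m["dport"])
        if m["src"] == firewall_ip and dport in ATP_PORTS:
            flows[(m["dst"], dport)]["sent"] += 1
        elif m["dst"] == firewall_ip and sport in ATP_PORTS:
            flows[(m["src"], sport)]["received"] += 1
    return dict(flows)

def one_way_flows(flows):
    """Flows the firewall sent on but never received a reply for."""
    return sorted(k for k, v in flows.items() if v["sent"] and not v["received"])

if __name__ == "__main__":
    flows = summarize(SAMPLE_CAPTURE, "203.0.113.10")  # constructed WAN IP
    for (ip, port), c in sorted(flows.items()):
        print(f"{ip}:{port} sent={c['sent']} received={c['received']}")
    print("no replies:", one_way_flows(flows))
```

A flow listed under "no replies" means packets left the firewall but no return traffic reached the capture point, which is the pattern to raise with the upstream device owner or the ISP.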


There are two ways to contact technical support:

1. Online: Visit mysonicwall.com. Once logged in, select Resources & Support | Support | Create Case.

2. By phone: please use our toll-free number at 1-888-793-2830. Please have your SonicWall serial number available to create a new support case.

If you do not have a mysonicwall.com account, create one for free!
