- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
BITS blocked by Gateway Anti-Virus with no dropped packets
03/26/2020 
1 People found this article helpful
39,118 Views
Description
When you try to download a file by using the Background Intelligent Transfer Service (BITS): "Content file download failed". The same has been seen when trying to update Adobe Acrobat from MACOS using the built-in updater.
As a troubleshooting test, disabling HTTP Inbound Inspection on SonicWall Gateway Anti-Virus will fix this but no related signatures blocking this traffic can be found and running a packet monitor will show all packets forwarded (no drops).
Cause
The Accept-Range header is used by the server to inform the client if ranges are supported. Ranges are used by clients to request a partial file (i.e. from bytes 30 to 500).
When you copy a file by using BITS in background mode, the file is copied in multiple small parts. To perform this kind of copy operation, BITS uses the HTTP 1.1 Content-Range header. If you are behind a proxy server or behind a firewall that removes this header, the file copy operation is unsuccessful.
NOTE: When BITS copies files in foreground mode, BITS does not use this header.
However, exploits can be used when servers accept ranges – if an attacker request bytes from 0 to a very large number (larger than 64-bit for example), they can cause a buffer/integer overflow.
NOTE: This should not happen if servers are up-to-date to the latest IIS but if the customer runs a old/outdated server, the attack may pass through.
SonicWall is well known to remove this header as we consider it non-secure however if an application uses HTTP ranges this option must be enabled.
Resolution
To fix this, please follow these steps:
- Login to your firewall.
- Edit the URL https://IP_Firewall/main.html by replacing main.html with diag.html
- Click Internal Settings
- Enable the option "Keep HTTP header Accept-Range bytes"
This way the SonicWall will not remove the header but this may expose your servers if they're not up-to-date.
Related Articles
- All associated wildcard FQDN IP addresses do not display in the web browser
- How to Re-Install The Junk Store
- SonicWall NSv Series FAQ
Categories
- Firewalls > SonicWall NSA Series > IPS/GAV/Spyware
- Firewalls > TZ Series > IPS/GAV/Spyware
- Firewalls > NSa Series > IPS/GAV/Spyware
YES
NO