-
Products
-
SonicPlatform
SonicPlatform is the cybersecurity platform purpose-built for MSPs, making managing complex security environments among multiple tenants easy and streamlined.
Discover More
-
-
Solutions
-
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn MoreFederalProtect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn More - Industries
- Use Cases
-
-
Partners
-
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
Learn MorePartner PortalAccess to deal registration, MDF, sales and marketing tools, training and more
Learn More - SonicWall Partners
- Partner Resources
-
-
Support
-
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn MoreSupport PortalFind answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn More - Support
- Resources
- Capture Labs
-
- Company
- Contact Us
BITS blocked by Gateway Anti-Virus with no dropped packets
03/26/2020 
3 People found this article helpful
479,655 Views
Description
When you try to download a file by using the Background Intelligent Transfer Service (BITS): "Content file download failed". The same has been seen when trying to update Adobe Acrobat from MACOS using the built-in updater.
As a troubleshooting test, disabling HTTP Inbound Inspection on SonicWall Gateway Anti-Virus will fix this but no related signatures blocking this traffic can be found and running a packet monitor will show all packets forwarded (no drops).
Cause
The Accept-Range header is used by the server to inform the client if ranges are supported. Ranges are used by clients to request a partial file (i.e. from bytes 30 to 500).
When you copy a file by using BITS in background mode, the file is copied in multiple small parts. To perform this kind of copy operation, BITS uses the HTTP 1.1 Content-Range header. If you are behind a proxy server or behind a firewall that removes this header, the file copy operation is unsuccessful.
NOTE: When BITS copies files in foreground mode, BITS does not use this header.
However, exploits can be used when servers accept ranges – if an attacker request bytes from 0 to a very large number (larger than 64-bit for example), they can cause a buffer/integer overflow.
NOTE: This should not happen if servers are up-to-date to the latest IIS but if the customer runs a old/outdated server, the attack may pass through.
SonicWall is well known to remove this header as we consider it non-secure however if an application uses HTTP ranges this option must be enabled.
Resolution
To fix this, please follow these steps:
- Login to your firewall.
- Edit the URL https://IP_Firewall/main.html by replacing main.html with diag.html
- Click Internal Settings
- Enable the option "Keep HTTP header Accept-Range bytes"
This way the SonicWall will not remove the header but this may expose your servers if they're not up-to-date.
Related Articles
- How to Block Google QUIC Protocol on SonicOSX 7.0?
- How to block certain Keywords on SonicOSX 7.0?
- How internal Interfaces can obtain Global IPv6 Addresses using DHCPv6 Prefix Delegation
Categories
- Firewalls > SonicWall NSA Series > IPS/GAV/Spyware
- Firewalls > TZ Series > IPS/GAV/Spyware
- Firewalls > NSa Series > IPS/GAV/Spyware
YES
NO