- Products
- Network Security
- Threat Protection
- Secure Access Service Edge (SASE)
- Cloud Security
- Endpoint Security
- Email Security
- Secure Access
-
Wi-Fi 6 Access Points
SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.
Read More
- Solutions
- Industries
- Use Cases
- Solutions Widgets
- Solutions Content Widgets
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
- Solutions Image Widgets
-
- Partners
- SonicWall Partners
- Partner Resources
- Partner Widgets
- Custom HTML : Partners Content WIdgets
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
- Partners Image Widgets
-
- Support
- Support
- Resources
- Capture Labs
- Support Widget
- Custom HTML : Support Content WIdgets
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
- Support Image Widgets
-
- COMPANY
- PROMOTIONS
- MANAGED SERVICES
- Contact Sales
-
- Menu
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
BITS blocked by Gateway Anti-Virus with no dropped packets
03/26/2020 
1 People found this article helpful
190,798 Views
Description
When you try to download a file by using the Background Intelligent Transfer Service (BITS): "Content file download failed". The same has been seen when trying to update Adobe Acrobat from MACOS using the built-in updater.
As a troubleshooting test, disabling HTTP Inbound Inspection on SonicWall Gateway Anti-Virus will fix this but no related signatures blocking this traffic can be found and running a packet monitor will show all packets forwarded (no drops).
Cause
The Accept-Range header is used by the server to inform the client if ranges are supported. Ranges are used by clients to request a partial file (i.e. from bytes 30 to 500).
When you copy a file by using BITS in background mode, the file is copied in multiple small parts. To perform this kind of copy operation, BITS uses the HTTP 1.1 Content-Range header. If you are behind a proxy server or behind a firewall that removes this header, the file copy operation is unsuccessful.
NOTE: When BITS copies files in foreground mode, BITS does not use this header.
However, exploits can be used when servers accept ranges – if an attacker request bytes from 0 to a very large number (larger than 64-bit for example), they can cause a buffer/integer overflow.
NOTE: This should not happen if servers are up-to-date to the latest IIS but if the customer runs a old/outdated server, the attack may pass through.
SonicWall is well known to remove this header as we consider it non-secure however if an application uses HTTP ranges this option must be enabled.
Resolution
To fix this, please follow these steps:
- Login to your firewall.
- Edit the URL https://IP_Firewall/main.html by replacing main.html with diag.html
- Click Internal Settings
- Enable the option "Keep HTTP header Accept-Range bytes"
This way the SonicWall will not remove the header but this may expose your servers if they're not up-to-date.
Related Articles
- How to Setup the SonicWave 600 series
- Identical Access Rules for different users/user groups
- Advanced Network Security eLearning Training Course
Categories
- Firewalls > SonicWall NSA Series > IPS/GAV/Spyware
- Firewalls > TZ Series > IPS/GAV/Spyware
- Firewalls > NSa Series > IPS/GAV/Spyware
YES
NO