This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
B_P
Advisor
‎2025-03-26 11:38 AM

R82 | Large File Downloads Fail with HTTPS Inspection

When downloading large files (~4.5GB), they fail after a few GB or so. This only happens on clients whose traffic is HTTP inspected. Not sure if sk150933 is applicable as fw ctl commands don't show indicators. Why would HTTPS inspection cause the download to fail midway through?

0 Kudos
14 Replies
the_rock
MVP Platinum
MVP Platinum
‎2025-03-26 11:47 AM

How is blade settings configured? Fail open or close? Also, is it set to background or hold?

Andy

Best,
Andy
0 Kudos
PhoneBoy
Admin
Admin
‎2025-03-26 11:49 AM

HTTPS Inspection alone shouldn't cause this.
Threat Prevention may, though large files should be bypassed for emulation.
What blades are enabled here and is there any relevant logs?

0 Kudos
B_P
Advisor
‎2025-03-26 02:45 PM
In response to PhoneBoy

Mmmm yes, possibly (and likely) Threat Prevention. Seems like every once in a while I'll see a detect on the domain but nothing on why. It oddly just says "whatever.domain.com Detected".

0 Kudos
Wolfgang
MVP Gold
MVP Gold
‎2025-03-26 02:17 PM

We had similar experience with R82, but not sure that HTTPS inspection is the problematic feature. The download stops after some time and after a long time 30-50s the download continues . The same behaviour is seen with streaming, after some minutes watching a stream it stops and continues after some seconds.

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2025-03-26 03:13 PM
In response to Wolfgang

Thats interesting...I may upgrade my cluster to R82 in the lab to test this theory, since I had never seen that problem in R81.20

Andy

Best,
Andy
0 Kudos
ccsjnw
Contributor
‎2025-11-11 09:49 AM

I have the same issue. Large files (Proliant Support Pack) downloaded directly from HPE. When HTTPs is enabled, after 4.5 GB has been downloaded a network error is reported in the browser (Microsoft Edge) and the download stops and it won't recover.

I tried a number of different large ISO files from HPE, and they all failed after exactly 4,350,966K had been successfully downloaded.

I have two internal subnets. One has HTTPS inspection enabled and the other does not. All other settings are identical. 
The large downloads work from the subnet that does not have HTTPS inspection enabled.

I have downloaded large ISO files from Microsoft, and these have worked OK. So it appears it's only certain sites that have the problem, but so far, I've not been able to find a pattern.

There's nothing in the Firewall logs that indicates any problems, nothing is blocked or dropped.
I have extended logging enabled for all web traffic.

I don't think this is new to R82. Pretty sure it occurred in earlier releases too.
I'm running R82 with the latest recommenced Jumbo Hotfix Accumulator.

Preview file
22 KB
0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2025-11-11 09:57 AM
In response to ccsjnw

How are fail and categorization modes configured under blades setting in manage&settings in smart console? I always find its best to have it to block and background, respectively.

Best,
Andy
0 Kudos
Timothy_Hall
MVP Gold
MVP Gold
‎2025-11-11 12:04 PM
In response to ccsjnw

Any PBR configured?  sk183194: Slow web browsing to the Internet and download of files is stuck

Using Firefox with DNS over HTTPS enabled? sk183628: HTTPS Inspection is slow when using the Firefox web browser with DoH enabled

Lightspeed card involved? sk184291: LightSpeed Acceleration Card may fail to accelerate large data TCP connections at the hard...

This is kind of old and probably fixed, but might be worth checking: sk150933: High Latency or Download of large files from http or https is slow or get stuck

Quantum Force Appliance (3900/9XXX/19XXX/29XXX)?  Might be a UPPAK thing but unlikely.

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2025-11-11 12:18 PM
In response to ccsjnw

This is what I was referring to.

Best,
Andy
Preview file
76 KB
Preview file
114 KB
Preview file
79 KB
Preview file
95 KB
0 Kudos
ccsjnw
Contributor
‎2025-11-11 01:12 PM
In response to the_rock

I'll investigate when I get time, and report back my results. Thanks for the tips.

the_rock
MVP Platinum
MVP Platinum
‎2025-11-11 01:38 PM
In response to ccsjnw

Sounds good.

Best,
Andy
0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2025-11-11 07:12 PM
In response to ccsjnw

To clarify do you see any of the symptoms described by sk183681: Security Gateway blocks the download of files larger than 4 GB with the log "Application C...  ?

CCSM R77/R80/ELITE
the_rock
MVP Platinum
MVP Platinum
‎2025-11-11 07:17 PM
In response to Chris_Atkinson

Great point Chris, that certainly could be related.

Best,
Andy
0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
a month ago

@B_P  Have you investigated sk183681 and did it solve your issue?

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events