DescriptionThis article describes a case when software applications requiring resume cannot download content through the FortiGate when a Web Filter profile is used and the "Web resume download block" option has been enabled.
SolutionMany Internet software applications running on hosts require support for resuming file downloads via the Range Header in the HTTP protocol. These applications can be identified by running a packet sniffer with verbose level 6 to verify the use of the Range Header in downloaded content.
When the corresponding firewall policy is configured to use a Web Filter profile, these applications cannot download content if the "Web resume download block" option is enabled and will return error messages as "Unable to connect", "Network connection error", etc.
Therefore, in the case described above, the "Web resume download block" option for the corresponding Web Filter profile must be disabled as follows via the Web Interface or CLI commands.
Web Interface
a. Go to Security Profiles > Web Filter and select the specific Web Filter Profile.
b. Under Proxy Options, ensure that "Web resume download block" is not checked.
c. Click Apply.
CLI commands
config webfilter profile
edit <profile name>
show full
- Ensure that "set options" does not include the "rangeblock" option.
- If the "rangeblock" option has been enabled then retype the "set options" list with the "rangeblock" option removed, for example:
config webfilter profile
edit {profile name>
set option block-invalid-url
end
Related Articles
Troubleshooting Tool: Using the FortiOS built-in packet sniffer
Allowing WSUS downloads
