Configure timeouts for ftp proxy on the Edge SWG (ProxySG)
search cancel

Configure timeouts for ftp proxy on the Edge SWG (ProxySG)

book

Article ID: 165814

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG SG-300 SG-9000 SG-900 SG-S500 SG-S400 Secure Web Gateway Virtual Appliance SG-S200 SWG VA-100

Issue/Introduction

How to configure the ftp proxy timeout on the Edge SWG (ProxySG)?

Resolution

FTP proxy uses the same ClientReceiveTimeout and ServerReceiveTimeout values that are configured for HTTP in the CLI.

In the majority of cases, extending the http-receive client timeout from its default of 120 seconds will address any timeout issues encountered with FTP command-line clients during longer file transfers. Typically this isn't necessary if only graphical FTP clients are used, since these send regular NOOP commands in lieu of keep-alives, which will prevent a connection from timing out.

To configure this timeout, use the following CLI command in the Edge SWG (ProxySG) SSH or serial console:

#(config)http receive-timeout client 3600

 

In policy, add the following:

<proxy>
proxy.port=!21 http.client.recv.timeout(120)


This will ensure the default HTTP client-receive timeout of 120 seconds is used for traffic intercepted on the common HTTP proxy-ports, and a longer timeout of 3600 seconds for other traffic where the timeout is applied, ie FTP.