In some environments where communication via FTP is required and the FTP proxy service on the Edge SWG (ProxySG) is used, and ICAP is configured,  you may encounter a client-side timeout.

Because the Edge SWG (ProxySG) is configured for ICAP, the file must be scanned before delivery to the client. When the file is large, the scanning time may exceed the client timeout. The timeout can be seen from a packet capture filtering by client IP.

As stated in the article ICAP Trickling support on native FTP, the FTP proxy service does not support data trickling, every new FTP download will be scanned by the Content Analysis appliance without any feedback to the client until the file scan is complete.

The default server response timeout must be increased on the FTP client. This setting varies from client to client. Here are instructions for changing this setting for two of the most widely used FTP clients (FileZilla and WinSCP).

FileZilla Client

After you enter FileZilla Client, go to Edit > Settings



In the Settings window, go to Connection. Increase the default Timeout in seconds (20 by default) , then click OK.


 

Connect to your FTP Server and test some file downloads. Modify the timeout as needed.

WinSCP:

Open the WinSCP client, go to the Advanced section



In the Advanced Site Settings, under the Connection section, increase the Server response timeout (15 seconds).

Click OK. Connect to your FTP Server and test some file downloads. Modify the timeout as needed.