I'm not a product expert, but you might have better luck if you moved this to one of our product areas. I'm unfamiliar with specific model numbers but it sounds like you may be posting about IntruShield?
I re-read your post and the subject line which indicates Network Security Platform (NSP), so I moved this to the correct area. Hopefully a community expert can help you soon.
Thanks April, I appreciate the direction.
Hi cwebbrsd, under IPS Settings=> Policies => HTTP Response Scanning, check if you have enabled this functionality. In affirmative situation disable it and try to download the ISO file from Microsoft again. Let us know how it is going on.
Thanks for your response, gooru4speed - however, we do not have HTTP response scanning enabled on any of our port pairs.
Here is an update for those that are reading and are interested:
Working with Tier 3 support, so far they have had me issue this command via the console:
layer2 mode assert
Which to my understanding disables the IPS from really doing any scanning. Now our file transfers work as expected, but of course our IPS is no longer doing its' job.
Ill post back when I hear more, and any suggestions from the community are still very welcome.
As you said layer 2 bypass disables IPS from scanning. I don't think that solution as a workaround it is just a temporary "patch" until they find the problem.
Correct, this is a band-aid - but at least unil they find a good solution my file transfers are not dead in the water. I'll continue to update as tech support gives me information.
Does the transfer complete fail when Inline IPS, or just have latency?
I'd check the following and bubble this up to the support case rep
1.) Anyinterface errors on the on the sensor port handling the transfer (CRC's)?
2.) On the sensor CLI, issue "clrstast" to clear counters, do the transfer (inline IPS) and then check "show inlinepktdropstats" on sensor. This should show you where the dropped packets are coming from
3.) You can also enter debug mode on sensor CLI and test the transfer with Layer 3 and Layer 7 inspection disabled to see the difference.
at the sensor CLI ener "debug" then enter "set l3 <off|on>" and "set l7 <off|on>" and track the results
4.) If you are not on the latest version of the sensor sw code, you may check that.
If you have a SR number, you can send me an direct message, and I can take a peek at the case.... Cheers