In some environments where communication to an FTP server is required (whether local or remote) and the FTP proxy engine within the ProxySG/ASG is being used, you might be facing an issue that results in a Client-side timeout, due to the fact that the ProxySG is not sending data back to the client when the downloaded file is large enough. This timeout can be seen within a packet capture filtering by client IP.
The issue can be caused by the behavior of the FTP proxy when Malware Scanning or External Services with an ICAP request service are enabled for these FTP requests.
As stated in the article Is ICAP Trickling supported on Native FTP?, the FTP proxy engine within the ProxySG/ASG does not support data trickling. This means that every time the FTP client downloads files from the FTP server, these files will be scanned by the Content Analysis service and will not provide any kind of feedback to the client until the file scan is complete.
In order to avoid receiving a client timeout, the default server response timeout limit must be raised in the FTP client. This setting varies from client to client. In this article we will provide instructions on how to change this setting in two of the most widely used FTP clients: FileZilla Client and WinSCP.
FileZilla Client:
After you enter FileZilla Client, go to Edit > Settings
In the Settings window, go to Connection then change the default Timeout in seconds (20 by default) to a higher amount , then click OK.
After that, connect to your FTP Server as usual.
WinSCP:
After opening WinSCP, go to the Advanced section
In the Advanced Site Settings, go to the Connection section, then change the default Server response timeout number (15 seconds) to a higher amount.
Click OK and Login to the FTP server to retrieve the file.