I also had this issue with users outside my firewall coming behind it to hit a proxy and then going back out the same firewall to the internet. I issued a kernel command and it fixed my problem. take a look at this link. http://www.phoneboy.com/bin/view.pl/FAQs/ConnectCommandFoundInHTTPRequest Rick
________________________________ From: Mailing list for discussion of Firewall-1 on behalf of David Landgren Sent: Mon 1/31/2005 10:59 AM To: [email protected] Subject: [FW-1] Bypassing "CONNECT command found in HTTP request" Hello List, I recently upgraded my firewall. It says here: This is Check Point VPN-1(TM) & FireWall-1(R) NG with Application Intelligence (R55) HFA_12, Hotfix 309 - Build 007 I am experiencing a rather annoying problem with https traffic. People on the same segment as our web proxy have no problem, since they hit it directly. The rest of the users come in through the VPN, and hence are routed across the firewall. All their https traffic is being dropped by the firewall because it sees a "CONNECT command found in HTTP request". I have looked at the knowledge base and there appear to be a couple of recipes that deal with this problem, however, I am loathe to try one out at random. Has anyone experienced this problem beforehand and resolved it successfully? thanks, David Landgren ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
