If you don't/can't reboot the FW run: fw ctl set int asm_http_allow_connect 1
Rick -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Dave Row Sent: Wednesday, August 10, 2005 4:05 PM To: [email protected] Subject: Re: [FW-1] HTTP CONNECT commands being dropped by HTTP Security Server You're absolutely right; these users *are* using a proxy. This looks like it will do the trick. Thanx. - Dave -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of no-need to-list Sent: Wednesday, August 10, 2005 2:38 PM To: [email protected] Subject: Re: [FW-1] HTTP CONNECT commands being dropped by HTTP Security Server Usually this error is found when the users are connecting thru a proxy server with HTTPS before going thru the firewall.....are you using a proxy server ? see SK20988 from Checkpoint or add the following line in the $FWDIR/boot/modules/fwkern.conf asm_http_allow_connect = 1 Reboot module and re-install policy Regards Dave Row <[EMAIL PROTECTED]> wrote: This is happening on my SPlat NG (R55) boxes. Error logged: "CONNECT command found in HTTP request" Some major web sites use the CONNECT method, so how do I work around this? Bonus points: What are the security implications of permitting this service? Much obliged! - Dave ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= --------------------------------- Start your day with Yahoo! - make it your home page ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
