Thats exactly the problem... That even having Web Intelligence and Smart defense options disabled, the error still shows up at the log viewer as a packet dropped because of Smartdefense.
I think it may be possible, due to the fact that SmartDefense seems to be enforcing a inspection of the http protocol and not the Firewall-1 engine. What do you think about it? -----Mensaje original----- De: Ray [mailto:[EMAIL PROTECTED] Enviado el: Wednesday, August 31, 2005 8:18 AM Para: [email protected] CC: [EMAIL PROTECTED] Asunto: Re: [FW-1] Problem with a WebServer SmartDashboard SmartDefense tab Application Intelligence Web HTTP Protocol Inspection ASCII Only Request Headers - if it's checked, you will drop binary in headers. Also see ASII Only Response Headers Ray >From: "Diego F. Lastra S." <[EMAIL PROTECTED]> >Reply-To: Mailing list for discussion of Firewall-1 ><[email protected]> >To: [email protected] >Subject: Re: [FW-1] Problem with a WebServer >Date: Mon, 29 Aug 2005 17:58:17 -0500 > >SPLAT: >This is Check Point VPN-1(TM) & FireWall-1(R) NG with Application >Intelligence (R55) HFA_09, Hotfix 182 - Build 011 > >Ray, thanks for your help. > >-----Mensaje original----- >De: Mailing list for discussion of Firewall-1 >[mailto:[EMAIL PROTECTED] En nombre de Ray >Enviado el: Monday, August 29, 2005 5:41 PM >Para: [email protected] >Asunto: Re: [FW-1] Problem with a WebServer > >Ahhh, Microsoft, no wonder. :-) > >What version of FW-1 are you on? I can set that binary feature off on R55. > >Ray > > >From: "Diego F. Lastra S." <[EMAIL PROTECTED]> > >Reply-To: Mailing list for discussion of Firewall-1 > ><[email protected]> > >To: [email protected] > >Subject: Re: [FW-1] Problem with a WebServer > >Date: Mon, 29 Aug 2005 16:35:43 -0500 > > > >The WebServer is a IIS and it's running Microsoft Sharepoint as the > >application server. The guys at Microsoft told us that is impossible to > >change the way cookies are sent in binary to the web clients. > > > >Is there any other workaround for this problem? > > > >Thanks... > > > >-----Mensaje original----- > >De: Mailing list for discussion of Firewall-1 > >[mailto:[EMAIL PROTECTED] En nombre de Ray > >Enviado el: Friday, August 26, 2005 7:16 PM > >Para: [email protected] > >Asunto: Re: [FW-1] Problem with a WebServer > > > >Tell those folks to fix their web site. Allowing binary in a header is a > >dangerous thing. We had this with one web site we used a lot after they >did > >a new site. Most of the graphics were missing, it looked horrible, links > >didn't work, etc. > > > >After I contacted them, they fixed the problem. They said they were using > >an > > > >encrypted cookie and that was what was causing the problem. They changed >it > >so it only used ASCII and the site cleaned right up. > > > >Ray > > > > >From: "Diego F. Lastra S." <[EMAIL PROTECTED]> > > >Reply-To: Mailing list for discussion of Firewall-1 > > ><[email protected]> > > >To: [email protected] > > >Subject: [FW-1] Problem with a WebServer > > >Date: Fri, 26 Aug 2005 14:31:04 -0500 > > > > > >Hi, > > >I have a problem with a WebServer running under a Checkpoint VPN-1 Pro >NG > > >AI > > >R55. > > >The message in the log is: > > > > > >Number: 344735 > > >Date: 26Aug2005 > > >Time: 13:11:31 > > >Product: SmartDefense > > >Interface: eth1 > > >Origin: FW-XXXX > > >Type: Log > > >Action: Reject > > >Protocol: tcp > > >Service: http (80) > > >Source: 10.10.146.205 > > >Destination: 172.20.8.112 > > >Source Port: 3738 > > >Attack Name: Malformed HTTP > > >Attack Information: Non-ASCII character in HTTP header > > > > > >Even though I tried to disable some rules at the SmartDefense and > > >WebIntelligence still gives this error. > > > > > >Any clues? > > >____________________________________________ > > >Diego F. Lastra S. > > >Infraestructura y Soporte Técnico > > >www.xertix.com > > >[EMAIL PROTECTED] > > >Conm. (55) 3003-1300 > > >Dir. (55) 3003-1381 > > >Fax. (55) 3003-1302 > > >____________________________________________ > > > > > > > > >================================================= > > >To set vacation, Out-Of-Office, or away messages, > > >send an email to [EMAIL PROTECTED] > > >in the BODY of the email add: > > >set fw-1-mailinglist nomail > > >================================================= > > >To unsubscribe from this mailing list, > > >please see the instructions at > > >http://www.checkpoint.com/services/mailing.html > > >================================================= > > >If you have any questions on how to change your > > >subscription options, email > > >[EMAIL PROTECTED] > > >================================================= > > > >================================================= > >To set vacation, Out-Of-Office, or away messages, > >send an email to [EMAIL PROTECTED] > >in the BODY of the email add: > >set fw-1-mailinglist nomail > >================================================= > >To unsubscribe from this mailing list, > >please see the instructions at > >http://www.checkpoint.com/services/mailing.html > >================================================= > >If you have any questions on how to change your > >subscription options, email > >[EMAIL PROTECTED] > >================================================= > > > >================================================= > >To set vacation, Out-Of-Office, or away messages, > >send an email to [EMAIL PROTECTED] > >in the BODY of the email add: > >set fw-1-mailinglist nomail > >================================================= > >To unsubscribe from this mailing list, > >please see the instructions at > >http://www.checkpoint.com/services/mailing.html > >================================================= > >If you have any questions on how to change your > >subscription options, email > >[EMAIL PROTECTED] > >================================================= > >================================================= >To set vacation, Out-Of-Office, or away messages, >send an email to [EMAIL PROTECTED] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your >subscription options, email >[EMAIL PROTECTED] >================================================= > >================================================= >To set vacation, Out-Of-Office, or away messages, >send an email to [EMAIL PROTECTED] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your >subscription options, email >[EMAIL PROTECTED] >================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
