Hi,
I have a Checkpoint Express NGX R60 box running SmartDefense that has just
taken to dropping all https traffic that is handled by our Squid proxy server
which is in a DMZ. The specific SmartDefense error I get in the logs is:

Number: 282920
Date: 24Oct2005
Time: 13:44:10
Product: SmartDefense
Attack Name: Malformed HTTP
Interface: eth0
Origin: xxxxlfw01 (192.168.1.5)
Type: Log
Action: Reject
Service: Squid_NTLM (3128)
Source: xxxxxdc02 (192.168.1.7)
Destination: xxxxxproxy01 (192.168.252.100)
Protocol: tcp
Source Port: 1281
Reject ID: 435c588a-4-501a8c0-7b6
Information: reason: WSE0020001 illegal header format detected: Illegal start
line in request EURL^A^C
resource: Unknown

I have been unable to determine exactly which SmartDefense rule is dropping the
packet - I have systematically gone through them and disabling them one-by-one
hasn't turned up the culprit so I've had to turn SmartDefense (as a very
short-term measure) off to allow https traffic. This may or may not be relevant
- we changed the address (from 192.168.1.254 to 192.168.1.2) of the firewall
object on Saturday which caused some issues with SecureClient.
Can anyone suggest how I resolve this?
Thanks,
Duncan