I tried turning off all the HTTP protocol inspection settings under the Web Intelligence tab - but it made no difference...
________________________________ From: Mailing list for discussion of Firewall-1 on behalf of Dirk Hempel Sent: Mon 10/24/2005 3:15 PM To: [email protected] Subject: Re: [FW-1] https and Squid Hi, Its is not on Tab smartdefens. Please look under "Web Intelligence"-Tab in dashboard. There are a section "http protocol instection". These settings block your http-traffic.. Best wishes! Dirk Hempel Germany -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Meyers, Duncan Sent: Monday, October 24, 2005 6:26 AM To: [email protected] Subject: [FW-1] https and Squid Hi, I have an Checkpoint Express NGX R60 box running SmartDefense that has just taked to dropping all https traffic that is handled by our Squid proxy server which is in a DMZ. The specific SmartDefense error I get in the logs is: Number: 282920 Date: 24Oct2005 Time: 13:44:10 Product: SmartDefense Attack Name: Malformed HTTP Interface: eth0 Origin: xxxxlfw01 (192.168.1.5) Type: Log Action: Reject Service: Squid_NTLM (3128) Source: xxxxxdc02 (192.168.1.7) Destination: xxxxxproxy01 (192.168.252.100) Protocol: tcp Source Port: 1281 Reject ID: 435c588a-4-501a8c0-7b6 Information: reason: WSE0020001 illegal header format detected: Illegal start line in request EURL^A^C resource: Unknown I have been unable to determine exactly which SmartDefense rule is dropping the packet - I have systematically gone through them and disbaling them one-by-one hasn't turned up the culprit so I've had to turn SmartDefense (as a very short-term measure) off to allow https traffic. This may or may not be relevant - we changed the address (from 192.168.1.254 to 192.168.1.2) of the firewall object on Saturday which caused some issues with SecureClient. Can anyone suggest how I resolve this? Thanks, Duncan ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
