> Are you using resource definitions are anything like that that will > result in your traffic being proxied by your firewall?
We are using a resource for HTTP "blocked sites" which is being provided by Websense. This isn't new though. Also, we did determine that https traffic is being translated correctly. And if we remove the "http" Protocol Type from the port 80 security rule, the translation occur correctly. I think I forgot to mention that the Nat 0 rule is translating the source as the cluster interface address instead of our specific nats. Thanks! -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Hugo van der Kooij Sent: Tuesday, March 25, 2008 1:56 PM To: [email protected] Subject: Re: [FW-1] Nat 0 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ben Wilson wrote: | Hi, | | We some changes to the http rules a few weeks ago because Checkpoint was | blocking Content-Disposition header responses and non ASCII header | requests. Since then all out bound web traffic is being translated with | Nat Rule 0 and not our manual nat rule. | | I tried undoing the changes (I don't understand how these should have | caused it anyway) but the situation persists. | | We don't use any automatic nats so I'm really perplexed how this could | have happened. Are you using resource definitions are anything like that that will result in your traffic being proxied by your firewall? Hugo. - -- [EMAIL PROTECTED] http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH6TyZBvzDRVjxmYERAo2EAJ9LhmrIJvrxbvOexV3Swg++s1j6rgCgq8Ve CAYWWej8FcweleGj/NLM21A= =619T -----END PGP SIGNATURE----- Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
