Hi Shiroma, Is it block by Smart Defense ? Does any log show in the SmartView Tracker "Smart Defense" tag ? It can show more information then the "All" tage.
I found the Check Point KB sk26010. It is talking about "Malformed SSL packet" and Smart Defense. May be you can try it ~ XD It said : Under VPN protocols section of SmartDefense interface, remove the check from "Block SSL null-pointer assignment" and install policy. Moreover, how is your current rule setting now ? The service field is "Any" or new design "SSL" protocol ? Thanks ! Regards, Little Lun --- 2009年3月11日 星期三,Shiroma Dassanayake <[email protected]> 寫道﹕ > 寄件人: Shiroma Dassanayake <[email protected]> > 主題: Re: [FW-1] Malformed ssl packet > 收件人: [email protected] > 日期: 2009 3 11 星期三 下午 1:41 > Hi Checkpoint gurus > > Thanks JP/Mark for the suggestions. I tried out both > workarounds, but the error still persists (attack name: > invalid ssl packet > > SSL v3: malformed packet (field lengths do not > match)). Any other ideas? > > Regards > Shiroma > > --- On Wed, 3/4/09, Jean-Paul Baillon > <[email protected]> wrote: > > From: Jean-Paul Baillon > <[email protected]> > Subject: Re: [FW-1] Malformed ssl packet > To: [email protected] > Date: Wednesday, March 4, 2009, 12:53 PM > > Better still create a new https service (possibly call it > https_none) > and set the protocol type to none - use this service for > your skype voip > rule > > Doing it this way will not disable protocol checking for > https in your > other rules with https defined > > JP > > -----Original Message----- > From: Mailing list for discussion of Firewall-1 > [mailto:[email protected]] On > Behalf Of Mark > Elsen > Sent: Wednesday, 4 March 2009 11:43 PM > To: [email protected] > Subject: Re: [FW-1] Malformed ssl packet > > > Dear Checkpoint gurus > > > > When attempting to access skype (non-voip acces has > been allowed for a > selected group of individuals), we are unable to connect. > On checking > the tracker logs, https packets to one of the Skype IPs are > being > dropped with this message: > > > > attack name: invalid ssl packet > > SSL v3: malformed packet (field lengths do not match) > > > > Where in smartdefence can the actions for this attack > be modified? > > > > Regards > > Shiroma > > > > - Check the Advanced Properties of the https service : set > protocol > type to -> 'None'. > > This will disable in-depth checking of SSL transactions. > > M. > > Scanned by Check Point Total Security Gateway. > > Scanned by Check Point Total Security Gateway. > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= > ##################################################################################### > Important: This electronic message and attachments (if any) > are confidential > and may be legally privileged. If you are not the intended > recipient do not > copy, disclose or use the contents in any way. Please let > us know by return > e-mail immediately and then destroy this message. > ##################################################################################### > > Scanned by Check Point Total Security Gateway. > > Scanned by Check Point Total Security Gateway. > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= > > > > > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= Yahoo!香港提供網上安全攻略,教你如何防範黑客! 請前往 http://hk.promo.yahoo.com/security/ 了解更多! Scanned by Check Point Total Security Gateway. Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
