Hi all;
Ain't it great when you get a solution? :) Posted to the FW1-Wizards
list yesterday:
> -----Original Message-----
> From: Dameon D. Welch-Abernathy [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, 23 August 2000 03:51
> To: [EMAIL PROTECTED]
> Subject: RE: [fw1-wizards] Problem with eSafe Protect Gateway and
> Firewall-1 V4.1 SP2
>
>
>
> > I tried it with www.amazon.de, which a user reported failed for him. When I
> > used the workaround, that worked for me. However, someone else suggested
> > help.yahoo.com didn't work.
> > I tried it with the workaround and sure enough it did not work, so we still
> > have a problem. I am continuing to work this issue with Check Point.
>
> And I have a solution. This one works.
>
> 1. Remove that http_use_cvp_reply_safe (true) line from objects.C
> and replace it with (in the props section):
>
> :http_disable_content_enc (true)
>
> This basically delays the acceptance of the data until the CVP server
> okays it.
>
> 2. Go to the firewall module and edit $FWDIR/conf/fwopsec.conf. Replace the
> line that says:
>
> Server 127.0.0.1 18181 auth_opsec
>
> so it reads:
>
> Server 127.0.0.1 18181 opsec
>
> This change removes the "autosense" mechanism necessary to work with old CVP
> servers (i.e. those that don't use the new CVP API -- most all of them do
> now).
>
> 3. Reinstall the policy.
>
> 4. Bounce the firewall (fwstop; fwstart)
>
> I tested it with a number of sites that I know do gzip encoding (including
> help.yahoo.com) and it works just fine. Of course, I'm sure you'll tell me
> if it doesn't. :-)
>
> -- PhoneBoy
>
>
> --------------------------------------------------------------------
> - This email came from the FireWall-1 Wizards Mailing List
For those who are curious, you don't actually need to do step 2
unless you're running a cvp server.
Cheers
Richard
- --
Richard Parry [EMAIL PROTECTED]
Glue Guy: CCNA, CSE(SMB), MCP, makes pretty good coffee Optimation
Phone: +64 4 470 5814 x 848 Pager: [EMAIL PROTECTED]
> -----Original Message-----
> From: Richard Parry [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, 23 August 2000 6:11 p.m.
> To: undisclosed-recipients
> Subject: [FW1] Content-Encoding type not allowed
> Importance: Low
>
> Hi all;
>
> Apologies if this is a FAQ, but the closest I could find was here:
>
> http://www.phoneboy.com/fw1/faq/0407.html
>
> Seems that after the addition of SP2 to our firewall, we can't get
> to certain sites or resources. The above article sums it up nicely,
> except:
>
> . We're using FW-1 for Linux (4.1 SP2)
> . We're not using a cvp server
>
> I expect it's a similar setting in objects.C, but not having a
> reference guide to objects.C this is only a vague expectation :)
> Realistically we want our firewall to be blocking nasties like
> ActiveX and Java, but actually would like to allow most things like
> gzip files and so on.
>
> Anyone out there able to help with a quick answer to this?
>
> Cheers
>
> Richard
> --
> Richard Parry
> [EMAIL PROTECTED] Glue Guy: CCNA, CSE(SMB), MCP, makes
> pretty good coffee Optimation Phone: +64 4 470 5814 x 848
> Pager: [EMAIL PROTECTED]
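
Step 2 of the procedure quoted above, written as a guarded shell function that keeps a backup and refuses to edit a file that does not look as expected. This is an added example, not part of the original e-mails; the function name `switch_cvp_to_opsec`, its return codes and the sample file (including its second line on port 18182) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): guarded version of step 2.
# Rewrites the single "Server 127.0.0.1 18181 auth_opsec" line to "... opsec".
# Return codes (hypothetical convention):
#   0 = line changed, original saved as FILE.bak
#   1 = file already has the "opsec" line, nothing done
#   2 = expected line missing or ambiguous, or I/O error; file left untouched
switch_cvp_to_opsec() {
    conf=$1
    pre='^[[:space:]]*Server[[:space:]]+127\.0\.0\.1[[:space:]]+18181[[:space:]]+'
    [ -f "$conf" ] || return 2
    # grep -c exits 1 on zero matches; "|| true" keeps this safe under "set -e".
    n_old=$(grep -Ec "${pre}auth_opsec[[:space:]]*\$" "$conf" || true)
    n_new=$(grep -Ec "${pre}opsec[[:space:]]*\$" "$conf" || true)
    if [ "$n_old" -eq 0 ]; then
        if [ "$n_new" -eq 1 ]; then return 1; fi
        return 2
    fi
    # Require exactly one old line and no new one; anything else is ambiguous.
    if [ "$n_old" -ne 1 ] || [ "$n_new" -ne 0 ]; then return 2; fi
    cp -p "$conf" "$conf.bak" || return 2
    # Write back into the existing file so its owner and mode are preserved.
    sed -E "s/(${pre})auth_opsec([[:space:]]*)\$/\\1opsec\\2/" \
        "$conf.bak" > "$conf" || return 2
    # Verify the result before reporting success.
    n_new=$(grep -Ec "${pre}opsec[[:space:]]*\$" "$conf" || true)
    [ "$n_new" -eq 1 ] || return 2
    return 0
}

# Demo on a constructed sample file, never the live $FWDIR/conf/fwopsec.conf.
# The 18182 line is a constructed second entry to show it is left alone.
demo_dir=$(mktemp -d)
printf '%s\n' 'Server 127.0.0.1 18181 auth_opsec' \
              'Server 127.0.0.1 18182 auth_opsec' > "$demo_dir/fwopsec.conf"
switch_cvp_to_opsec "$demo_dir/fwopsec.conf" && cat "$demo_dir/fwopsec.conf"
rm -rf "$demo_dir"
```

As the reply above notes, this step only applies when a CVP server is in use; steps 3 and 4 (policy reinstall and restart) still follow it.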