[FW-1] Odd http requests after upgrade to R75.20

Thu, 29 Sep 2011 16:13:00 -0700 

Hi all,

We've a bit of an oddity here after upgrading our firewalls to R75.20 from R65 
HFA70. Management Server was done about 10 days ago whilst gateways were done 
in the last two days.

Since the upgrade of one of the gateways yesterday, everything seemed to be 
working as previous until we discovered that no-one could access our website 
anymore. A quick investigation, using tcpdump and fw monitor, revealed that the 
firewall was dropping all https requests when hitting the external IP of the 
web server. Which is the weird thing, because no-one is sending https requests, 
only http. It seems that the firewall is somehow converting http requests to 
https and then obviously dropping them as our rulebase will only allow http. 
There are no problems accepting and forwarding smtp traffic; there are no 
problems for anyone doing udp lookups against our dns server; no problems for 
anyone hitting our ftp server. Only the web server is causing us grief.

We've opened a support case with Check Point but so far, they are stumped. This 
mailing list has some experienced people as members though, so thought I'd ask 
ye too. Has anyone seen something like this before?

If all resources on the DMZ were inaccessible then that would make more sense, 
or at least make it easier to troubleshoot, but this specific issue with 
inbound http requests getting dropped as https is a little odd.

Thanks,
Eamonn 

-------------------------- 
Sent from my BlackBerry Device 



Confidentiality Notice: This electronic message contains information that is 
privileged or confidential, is the property of QC Data, and is intended only 
for the use of the intended recipient. If you are not the intended recipient, 
you are hereby notified that disclosure, copying, distribution or use of this 
information is prohibited. If you have received this message in error, please 
delete the original message and any copy of it in your possession and notify us 
by telephone or email immediately.

QC Data (Ireland) Limited

Registered in Ireland, Number: 158091
VAT Registration No.: IE 6556091K

Registered office: 70 Sir John Rogersons Quay, Dublin 2, Republic of Ireland.


Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to lists...@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ow...@ts.checkpoint.com
=================================================

Reply via email to