We had similar problems when we first implemented fw-1.
I don't know if our experiences will help you, but here is what we found.
On our Windows boxes, the maximum transmission unit (MTU) defaulted to 4096
for token ring.
We found that if we changed this to 1500 or less, it would work fine.
Since this meant changing every box, this was no a preferred solution.
After further investigation, we discovered that all routers in the path from
the workstation to the firewall had to have path-mtu-discovery turned on.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Mike
Glassman - Admin
Sent: Monday, June 26, 2000 12:16 AM
To: 'Rick Francis'
Cc: 'fw-1 listserv'
Subject: RE: [FW1] token ring, ethernet firewall
Rick,
TR or Ethernet has absolutely no base definition which states that just
because I'm TR or Eth, I will or will not allow SSL through.
The issue is more likely something else either inside your Network, or in
the FW rulebase itself.
Do you use an internal proxy server ? Are your clients set to use proxy ? If
so, see if you get a difference if you set a proxy on the security proxy
option as well.
Try setting the clients to not use HTTP 1.1.
Check if you have a rule on the FW which allows HTTPS to go out from inside.
HTH,
Mike
> -----Original Message-----
> From: Rick Francis [SMTP:[EMAIL PROTECTED]]
> Sent: u ea?e 24 2000 2:26
> To: [EMAIL PROTECTED]
> Subject: [FW1] token ring, ethernet firewall
>
>
> os=solaris 2.5.1
> model=ultra2
> platform=firewall
> interior interface=token ring
> exterior interface=ethernet
>
> problem: https urls that use the secure type 'ssl' protocol cannot connect
> to a browser (whatever kind) from inside the token-ring network. on the
> other side of the firewall, they work fine (all the pages serve up, and
> the
> application (javascript) connect and work).
>
> solution:??
>
> your ideas are appreciated, rf.
>
>
>
> ==========================================================================
> ======
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ==========================================================================
> ======
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
