[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] Re: http 1.1 errors and such
Title: Re: http 1.1 errors and such Hi all
Oh yes, I agree that checkpoint and phoneboy both have info on
this issue, but the documentation that Esafe puts out is much better
and more complete, for me anyway, which is why I was recommend it,
just my opinion of course (YMMV). I just like pictures and color
in my instructions. <BG> Of course don't forget the
crayons and nap time, but I digress.
From what I've read from Esafe,Checkpoint and phoneboy, there are
several issues that come up when you turn on http security server not
just http 1.1 connection error message. There appears to
problems with pdf files. Sometimes you get a pdf to open in a
browser or download and sometimes you don't, but if you turn off the
http resource then you can get the pdf no problem. There are
also some website where you get a message that the firewall can't
connect to the webserver such as: "FW-1 at firewallname: Failed
to connect to the WWW server". But these websites can be
gotten to from home, so the url is up and working. There are
also some issues with active x tags and malformed responses.
Here are some of the various changes that I've found that it is
recommended you make to the objects.C file to take care of many of
these issues plus some of the smtp ones as well.
:props (
)
I can't tell you if these will solve your problems or not, but
this is what I've been given. Since many of you that are
not interested in this, most likely don't want the pdf file and since
I'm not sure if this list will take attachments, I'm not going to send
it to the list. If you want it let me know privately and I'll
send it to you.
This is from the CVP section of the Esafe documentation on how to
edit the objects.C file.
1. Stop the firewall and close all management consoles
(gui)
2. Use a text editor such as notepad to open the objects.C file.
(I'd make a backup first!)
3. Search for :servers. Then under that find each CVP
server you have created an object for. Then look under that for
the :protocol_info section. If you have one see if you have the
following info listed below, if not then you need to add it.
Make sure that all the brackets are closed when you are done.
There is more to how it would look then what I wrote here.
:protocol_info (
}
4. Then search for the string :props and add the items I listed
at the beginning of this email. I didn't retype it since I
figured this email was long enough. Don't forget to close your
brackets.
5. Save the file.
6. Restart the firewall service
7. Reinstall the policy from within the Gui
This is the info I've been given. I can't promise you it
will work for you or that my instructions make sense to you. I
hope they do, but I'd suggest reading Esafe's pdf file.
You should be able to go there public ftp site and get the
instructions.
<ftp://ftp.esafe.com/pub/manuals/ESG/ESG3.x/CVP/> has a
list of manuals. The one that talks specifically about this
stuff is the esg-cvp_edit_objects.C.pdf and is at
<ftp://ftp.esafe.com/pub/manuals/ESG/ESG3.x/CVP/esg-cvp_edit_objectsC.pdf>. Ignore my <>s around the urls, they
are just placeholders. If you can't get it then at least
checkout phoneboy or checkpoint's knowledge base.
I hope this helps someone. If you find other info, please
let me know. Or if you find out I've done something wrong,
please let me know that too. Thanks everyone. This is such
a great group. Now if we can only get rid of the Out of Office
emails. Maybe we should get instructions together on how to turn
off Out of Office replies to the web and post it to the group.
Anyone game?
For those of you that specifically ask, I'll send you the
document privately.
see ya and good luck.
cee
And Hubbard, Dan wrote:
http://www.phoneboy.com/faq/0213.html and
And Ronny Vaningh wrote:
knowledgebase Solution: Cannot view web page when using HTTP 1.1 connection with HTTP Security Server (10043.0.610) Disable the option to use HTTP 1.1 connections in one of the following ways: Sincerely Ronny Vaningh Security Engineer UUNET
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cee
Don't meddle in the affairs
of dragons, for you are crunchy and
taste good with honey
mustard.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|