Re: [FW-1] Problem with Checkpoint NG FP3HF1 and certain WebSites
That's correct. Sorry, I lost the original post, I hope this is relevant:-}

-Steve S.

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of <Aaron Reynolds>
Sent: Thursday, March 06, 2003 1:16 PM
To: [email protected]
Subject: Re: [FW-1] Problem with Checkpoint NG FP3HF1 and certain WebSites

Just to set this straight, for the rest of the list- this is only necessary if you are running the http security server, right?

-Aaron

-----Original Message-----
From: Steven J. Surdock, PE [mailto:[email protected]]
Sent: Thursday, March 06, 2003 10:29 AM
To: [email protected]
Subject: Re: [FW-1] Problem with Checkpoint NG FP3HF1 and certain WebSites

I had problems with several sites under FP2 and FP3. The following changes appeared to have fixed the problems:

1) Use dbedit to modify the following parameters:

    :http_connection_method_transparent (true)
    :http_connection_method_proxy (true)
    :http_connection_method_tunneling (true)
    :http_max_header_length (8492)
    :http_max_url_length (8492)
    :http_allow_ranges (true)
    :http_cvp_allow_chunked (true)
    :http_allow_double_slash (true)
    :http_check_request_validity (false)
    :http_check_response_validity (false)
    :http_allow_content_disposition (true)
    :http_enable_uri_queries (false)
    :http_disable_content_type (true)
    :http_disable_content_enc (true)

2) cpstop

3) Edit /conf/fwauthd.conf on the management module and add

    443 fwssd in.ahttpd wait 0

4) cpstart

5) Edit the HTTPS service in the GUI and under the advanced button make the service HTTP. I also made mine available for TCP resources which is another check box on the same advanced tab.

6) Make one rule for HTTPS traffic

    localusers@localnet -> any -> HTTPS -> user auth (set to all servers)

7) Make one rule for other authed traffic such as HTTP and FTP

    localusers@localnet -> any -> Authenticated Group -> user auth (set to all servers)

8) Set the browser proxy to be the internal interface of the FW-1 gateway port 80 for all services

-Steve S.

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
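
Added example, not part of the original thread and not Check Point code: a Python script that parses the step 1 parameter list in the `:name (value)` form posted above and groups the settings by naming pattern, so a change reviewer can see which validity checks, allowances and length limits the workaround touches. The grouping relies on parameter names only, which is an assumption and not vendor documentation.

```python
import re
from collections import defaultdict

# Step 1 parameter list, copied from the message above.
POSTED = """\
:http_connection_method_transparent (true)
:http_connection_method_proxy (true)
:http_connection_method_tunneling (true)
:http_max_header_length (8492)
:http_max_url_length (8492)
:http_allow_ranges (true)
:http_cvp_allow_chunked (true)
:http_allow_double_slash (true)
:http_check_request_validity (false)
:http_check_response_validity (false)
:http_allow_content_disposition (true)
:http_enable_uri_queries (false)
:http_disable_content_type (true)
:http_disable_content_enc (true)
"""
LINE = re.compile(r":(\w+)\s+\((\w+)\)")

def parse(text):
    """Turn ':name (value)' lines into a dict; reject any other line."""
    params = {}
    for raw in text.strip().splitlines():
        m = LINE.fullmatch(raw.strip())
        if m is None:
            raise ValueError(f"unrecognised line: {raw!r}")
        params[m.group(1)] = m.group(2)
    return params

def bucket(name, value):
    """Group by naming pattern only (assumption: the name reflects the effect)."""
    if name.startswith("http_check_") and value == "false":
        return "check_* set to false"
    if name.startswith("http_disable_") and value == "true":
        return "disable_* set to true"
    if "_allow_" in name and value == "true":
        return "allow_* set to true"
    return "length limit" if name.startswith("http_max_") else "other"

def review(text):
    """Return {bucket: [parameter names]} as a change-review summary."""
    groups = defaultdict(list)
    for name, value in parse(text).items():
        groups[bucket(name, value)].append(name)
    return dict(groups)

if __name__ == "__main__":
    print(review(POSTED))
```

Running the same function over a list captured before the change gives a record to compare against and to roll back to.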