NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Problem with Checkpoint NG FP3HF1 and certain WebSites


  • To: [email protected]
  • Subject: Re: [FW-1] Problem with Checkpoint NG FP3HF1 and certain WebSites
  • From: "Steven J. Surdock, PE" <[email protected]>
  • Date: Thu, 6 Mar 2003 14:00:34 -0500
  • Importance: Normal
  • In-reply-to: <6111FD9C30F8F344A3DAF3886A0CFE4D529771@coleridge.internal.kalana.com>
  • Organization: Engineered Networks, LLC
  • Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
  • Sender: Mailing list for discussion of Firewall-1 <[email protected]>

That's correct.  Sorry, I lost the original post, I hope this is relevant:-}

-Steve S.

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]] On Behalf Of <Aaron
Reynolds>
Sent: Thursday, March 06, 2003 1:16 PM
To: [email protected]
Subject: Re: [FW-1] Problem with Checkpoint NG FP3HF1 and certain WebSites


Just to set this straight, for the rest of the list- this is only necessary
if you are running the http security server, right?

-Aaron

-----Original Message-----
From: Steven J. Surdock, PE [mailto:[email protected]]
Sent: Thursday, March 06, 2003 10:29 AM
To: [email protected]
Subject: Re: [FW-1] Problem with Checkpoint NG FP3HF1 and certain WebSites


I had problems with several sites under FP2 and FP3.  The following changes
appeared to have fixed the problems:

1) Use dbedit to modify the following parameters:
:http_connection_method_transparent (true) :http_connection_method_proxy
(true) :http_connection_method_tunneling (true) :http_max_header_length
(8492) :http_max_url_length (8492) :http_allow_ranges (true)
:http_cvp_allow_chunked (true) :http_allow_double_slash (true)
:http_check_request_validity (false) :http_check_response_validity (false)
:http_allow_content_disposition (true) :http_enable_uri_queries (false)
:http_disable_content_type (true) :http_disable_content_enc (true)

2) cpstop

3) Edit /conf/fwauthd.conf on the management module and add
443 fwssd in.ahttpd wait 0

4) cpstart

5) Edit the HTTPS service in the GUI and under the advanced button make the
service HTTP.  I also made mine available for TCP resources which is another

check box on the same advanced tab.

6) Make one rule for HTTPS traffic
localusers@localnet -> any -> HTTPS -> user auth (set to all servers)

7) Make one rule for other authed traffic such as HTTP and FTP
localusers@localnet -> any -> Authenticated Group -> user auth (set to all
servers)

8) Set the browser proxy to be the internal interface of the FW-1 gateway
port 80 for all services


-Steve S.

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.