[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] NG AI Problem
Hi, I already did it without success. best regards -----Original Message----- From: Reinhard Stich [mailto:[email protected]] Sent: Tuesday, July 15, 2003 5:22 PM To: [email protected] Subject: Re: [FW-1] NG AI Problem hi, check smart-defense settings for http and disable them. cheers reinhard At 17:13 15.07.2003 +0200, you wrote: >Hello guys, > >after upgrading from "NG FP3" to "NG AI" I have a cannot access https-Site >over a proxychain. Here is the scenario: > > >Client ------> SQUID1 -------> CP NG AI -------> >SQUID2 --------> SSL-Webserver > > >SQUID1 (Proxyserver) communicates over Port 80 with SQUID2 and I cannot >change this Port, because I don't administrate SQUID2. HTTP-Connections work >fine, but If the client want to connect to an Webserver with HTTPS, >Firewall1 drops the connection with: > >CONNECT command found in http request > >It seems, that Firewall1 with AI checks the http-protocol for >connect-commands and that is true for untunneled connection, but for >tunneled connections is a CONNECT method in the request. > >So how can I disable this checking for tunneled connections without >changing the port ???? > >BTW: I also tried to change the service in the rulebase to TCP Port 80 >without TYPE HTTP, but no success > > >best regards ztif > >================================================= >To set vacation, Out-Of-Office, or away messages, >send an email to [email protected] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your >subscription options, email >[email protected] >================================================= -- Reinhard Stich, ASSIST [email protected] Internet Security AG, 1190 Wien, Nussdorfer Laende 29-33 Tel: +43 1 370 94 40 RS784-RIPE Fax: +43 1 370 94 40-10 ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|