[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] Any clue on this one?
Colleagues, I have an issue with HHTP requests through the FW-1 v.4.1 (AIX 4.3.3 main. Level ML 6) from the remote site that has been converted to the Ethernet. After conversion, users complain that when they start the IE browser, the first response is FW-1 error. After they type the URL address manually and hit the Enter key or "Go" button, the connection to the Internet is successful. The FW is redirecting the request to the Proxy server that is set up under Policy Properties (HTTP Next Proxy). The proxy address in the IE browser is set to the primary FW interface. I found that the dropped packets are directed to the interface itself, and obviously they are dropped by the Stealth rule and they use NAT. The good packets are processed by daemon and do not use NAT. One more thing: I have multiple Ethernet subnets that don't complain but the only two of them that are having the problem. I have tried to put those subnets in the first rule with no success. Any clue on this one? Did anyone of you have a similar issue? Best regards, Roman M. Zeltser, @National Computer Center DNE, RSIS Information Security Index <http://www.rtek2000.com/Tech/InternetSecureLinks.html> ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|