Did you try completely disabling HTTP format sizes in Smart Defense all
together, (setting them to zero), and turning off all HTTP header /
response checking, just to prove if it's that part of Smart Defense
that's causing the issue or not?
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Wayne
Clemit
Sent: Wednesday, July 20, 2005 15:38
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] HFA-05 on IPSO 3.8.1 issues - "http request too long"
Hi,
Since applying HFA-05 to our Nokia platforms (Running IPSO 3.8.1
Build033 & NG-AI R55 for IPSO 3.8) we are experiencing lot's of
"message_info: Line in HTTP request too long" errors in the event log.
(Note: I did actually upgrade IPSO from 3.8.1 Build028 just prior the
HFA05 installation if that has any bearing)
Sample Log entry.
Number: 1384604
Date: 20Jul2005
Time: 19:44:36
Product: VPN-1 & FireWall-1
Interface: eth1c0
Origin: gateway (x.x.x.x)
Type: Log
Action: Reject
Protocol: tcp
Service: http (80)
Source: Host-PC (10.0.1.1)
Destination: 205.157.85.40
Source Port: 4440
Information: message_info: Line in HTTP request too long
We also have numerous SPLAT boxes throughout the network (NG-AI R55 /
HFA-15) that do not have these issues (managed by the same Management
server (Windows 2000 SP4 / HFA-15)
I have amended the Smartdefence settings - Application Intelligence -
web - http protocol inspection - http format size, settings and even the
"http_max_url_length" within the global properties, all to no avail.....
Any clues / workarounds greatly appreciated.
Cheers,
Wayne.
=================================================
To set vacation, Out-Of-Office, or away messages, send an email to
LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options,
email fw-1-owner AT ts.checkpoint DOT com
=================================================
**********************************************************************
The information contained in this communication is
confidential, is intended only for the use of the recipient
named above, and may be legally privileged.
If the reader of this message is not the intended
recipient, you are hereby notified that any dissemination,
distribution, or copying of this communication is strictly
prohibited.
If you have received this communication in error,
please re-send this communication to the sender and
delete the original message or any copy of it from your
computer system. Thank You.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
