Re: [FW-1] HFA-05 on IPSO 3.8.1 issues - "http request too long"

Subject:	Re: [FW-1] HFA-05 on IPSO 3.8.1 issues - "http request too long"
From:	Thomas <thomas AT DYNASAFE.COM DOT TW>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Thu, 21 Jul 2005 07:47:56 +0800

Try to disable "worm capture". It should be a bug of the 3.81 HFA05.

Warrington Bruce - bwarri wrote:

Did you try completely disabling HTTP format sizes in Smart Defense all
together, (setting them to zero), and turning off all HTTP header /
response checking, just to prove if it's that part of Smart Defense
that's causing the issue or not?

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Wayne
Clemit
Sent: Wednesday, July 20, 2005 15:38
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] HFA-05 on IPSO 3.8.1 issues - "http request too long"

Hi,
Since applying HFA-05 to our Nokia platforms (Running IPSO 3.8.1
Build033 & NG-AI R55 for IPSO 3.8) we are experiencing lot's of
"message_info: Line in HTTP request too long" errors in the event log.
(Note: I did actually upgrade IPSO from 3.8.1 Build028 just prior the

HFA05 installation if that has any bearing)

Sample Log entry.
Number:       1384604
Date:             20Jul2005
Time:            19:44:36
Product:        VPN-1 & FireWall-1
Interface:      eth1c0
Origin:          gateway (x.x.x.x)
Type:            Log
Action:          Reject
Protocol:       tcp
Service:        http (80)
Source:         Host-PC (10.0.1.1)
Destination:  205.157.85.40
Source Port: 4440
Information:  message_info: Line in HTTP request too long

We also have numerous SPLAT boxes throughout the network (NG-AI R55 /
HFA-15) that do not have these issues (managed by the same Management
server (Windows 2000 SP4 / HFA-15)

I have amended the Smartdefence settings - Application Intelligence -
web - http protocol inspection - http format size, settings and even the
"http_max_url_length" within the global properties, all to no avail.....

Any clues / workarounds greatly appreciated.

Cheers,

Wayne.


=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
[FW-1] HFA-05 on IPSO 3.8.1 issues - "http request too long", Wayne Clemit Re: [FW-1] HFA-05 on IPSO 3.8.1 issues - "http request too long", Warrington Bruce - bwarri Re: [FW-1] HFA-05 on IPSO 3.8.1 issues - "http request too long", Thomas <= Re: [FW-1] HFA-05 on IPSO 3.8.1 issues - "http request too long", Wayne Clemit

Previous by Date:	Re: [FW-1] NGX Upgrade, Charlie Saliba
Next by Date:	[FW-1] Watchdog timer expiring - resulting in system rebooting constantly, Ade Shoy
Previous by Thread:	Re: [FW-1] HFA-05 on IPSO 3.8.1 issues - "http request too long", Warrington Bruce - bwarri
Next by Thread:	Re: [FW-1] HFA-05 on IPSO 3.8.1 issues - "http request too long", Wayne Clemit
Indexes:	[Date] [Thread] [Top] [All Lists]