That's exactly the problem...
Even with the Web Intelligence and SmartDefense options disabled, the
error still shows up in the log viewer as a packet dropped because of
SmartDefense.
I think it may be possible, due to the fact that SmartDefense seems to be
enforcing an inspection of the HTTP protocol and not the FireWall-1 engine.
What do you think about it?
-----Original Message-----
From: Ray [mailto:sixsigma44 AT hotmail DOT com]
Sent: Wednesday, August 31, 2005 8:18 AM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
CC: dlastra AT XERTIX DOT COM
Subject: Re: [FW-1] Problem with a WebServer
SmartDashboard
SmartDefense tab
Application Intelligence
Web
HTTP Protocol Inspection
ASCII Only Request Headers - if it's checked, you will drop binary in
headers.
Also see ASCII Only Response Headers
Ray
>From: "Diego F. Lastra S." <dlastra AT XERTIX DOT COM>
>Reply-To: Mailing list for discussion of Firewall-1
><FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
>To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
>Subject: Re: [FW-1] Problem with a WebServer
>Date: Mon, 29 Aug 2005 17:58:17 -0500
>
>SPLAT:
>This is Check Point VPN-1(TM) & FireWall-1(R) NG with Application
>Intelligence (R55) HFA_09, Hotfix 182 - Build 011
>
>Ray, thanks for your help.
>
>-----Original Message-----
>From: Mailing list for discussion of Firewall-1
>[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On behalf of Ray
>Sent: Monday, August 29, 2005 5:41 PM
>To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
>Subject: Re: [FW-1] Problem with a WebServer
>
>Ahhh, Microsoft, no wonder. :-)
>
>What version of FW-1 are you on? I can set that binary feature off on R55.
>
>Ray
>
> >From: "Diego F. Lastra S." <dlastra AT XERTIX DOT COM>
> >Reply-To: Mailing list for discussion of Firewall-1
> ><FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
> >To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> >Subject: Re: [FW-1] Problem with a WebServer
> >Date: Mon, 29 Aug 2005 16:35:43 -0500
> >
> >The WebServer is an IIS and it's running Microsoft SharePoint as the
> >application server. The guys at Microsoft told us that it is impossible to
> >change the way cookies are sent in binary to the web clients.
> >
> >Is there any other workaround for this problem?
> >
> >Thanks...
> >
> >-----Original Message-----
> >From: Mailing list for discussion of Firewall-1
> >[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On behalf of Ray
> >Sent: Friday, August 26, 2005 7:16 PM
> >To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> >Subject: Re: [FW-1] Problem with a WebServer
> >
> >Tell those folks to fix their web site. Allowing binary in a header is a
> >dangerous thing. We had this with one web site we used a lot after they
> >did a new site. Most of the graphics were missing, it looked horrible,
> >links didn't work, etc.
> >
> >After I contacted them, they fixed the problem. They said they were using
> >an encrypted cookie and that was what was causing the problem. They
> >changed it so it only used ASCII and the site cleaned right up.
> >
> >Ray
> >
> > >From: "Diego F. Lastra S." <dlastra AT XERTIX DOT COM>
> > >Reply-To: Mailing list for discussion of Firewall-1
> > ><FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
> > >To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> > >Subject: [FW-1] Problem with a WebServer
> > >Date: Fri, 26 Aug 2005 14:31:04 -0500
> > >
> > >Hi,
> > >I have a problem with a WebServer running under a Checkpoint VPN-1 Pro
> > >NG AI R55.
> > >The message in the log is:
> > >
> > >Number: 344735
> > >Date: 26Aug2005
> > >Time: 13:11:31
> > >Product: SmartDefense
> > >Interface: eth1
> > >Origin: FW-XXXX
> > >Type: Log
> > >Action: Reject
> > >Protocol: tcp
> > >Service: http (80)
> > >Source: 10.10.146.205
> > >Destination: 172.20.8.112
> > >Source Port: 3738
> > >Attack Name: Malformed HTTP
> > >Attack Information: Non-ASCII character in HTTP header
> > >
> > >Even though I tried to disable some rules in SmartDefense and
> > >Web Intelligence, it still gives this error.
> > >
> > >Any clues?
> > >____________________________________________
> > >Diego F. Lastra S.
> > >Infrastructure and Technical Support
> > >www.xertix.com
> > >dlastra AT xertix DOT com
> > >Conm. (55) 3003-1300
> > >Dir. (55) 3003-1381
> > >Fax. (55) 3003-1302
> > >____________________________________________
> > >
> > >
> > >=================================================
> > >To set vacation, Out-Of-Office, or away messages,
> > >send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> > >in the BODY of the email add:
> > >set fw-1-mailinglist nomail
> > >=================================================
> > >To unsubscribe from this mailing list,
> > >please see the instructions at
> > >http://www.checkpoint.com/services/mailing.html
> > >=================================================
> > >If you have any questions on how to change your
> > >subscription options, email
> > >fw-1-owner AT ts.checkpoint DOT com
> > >=================================================
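
The thread turns on one check: a header byte outside ASCII triggers the "Non-ASCII character in HTTP header" reject, and the fix Ray describes is for the site to send its cookie as ASCII. The sketch below is an added example, not part of the original messages and not Check Point's implementation; it approximates an "ASCII only headers" test over a raw HTTP message and shows the same binary cookie carried as URL-safe base64. The function names, the cookie name `session` and the sample bytes are constructed for illustration.

```python
import base64

def split_headers(raw: bytes):
    """Return (start_line, [(name, value), ...]) for the header block of a raw HTTP message."""
    head = raw.split(b"\r\n\r\n", 1)[0]          # ignore the body
    lines = head.split(b"\r\n")
    fields = []
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        fields.append((name.strip(), value.strip()))
    return lines[0], fields

def non_ascii_headers(raw: bytes):
    """List (header_name, offending_bytes) for each header that holds a byte
    outside printable ASCII (0x20-0x7E) or horizontal tab."""
    findings = []
    _, fields = split_headers(raw)
    for name, value in fields:
        bad = bytes(b for b in name + value
                    if not (0x20 <= b <= 0x7E or b == 0x09))
        if bad:
            findings.append((name.decode("latin-1"), bad))
    return findings

def ascii_cookie(name: str, secret: bytes) -> bytes:
    """Server-side fix: carry binary cookie data as URL-safe base64 text."""
    token = base64.urlsafe_b64encode(secret).rstrip(b"=")
    return name.encode("ascii") + b"=" + token

# Constructed sample data: an opaque binary cookie value (for example, ciphertext).
BLOB = bytes([0x8F, 0x02, 0xC3, 0x41, 0xFE])
BROKEN = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
          b"Set-Cookie: session=" + BLOB + b"; path=/\r\n\r\n<html>")
FIXED = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
         b"Set-Cookie: " + ascii_cookie("session", BLOB) + b"; path=/\r\n\r\n<html>")

if __name__ == "__main__":
    print("raw cookie    :", non_ascii_headers(BROKEN))
    print("base64 cookie :", non_ascii_headers(FIXED))
```

Running the same check against a capture of the server's responses, before touching the gateway policy, shows which header carries the offending bytes.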