| Platform: | Any platform for an Enforcement Point of Next Generation |
| Product: | Check Point Next Generation FP3 (and above?) |
| Problem: |
When using a proxy such as Squid for SSL (HTTPS), the connection is refused. In the
log (INFO column) the following entry can be found:
message_info: CONNECT command found in HTTP request |
| Workaround/Fix: |
This is not necessarily caused by SmartDefense, but by "internal
properties" of FireWall-1. To avoid this problem, you should first check the
parameter asm_http_allow_connect:
#> fw ctl get int asm_http_allow_connect
If the result looks like this, you can modify this parameter by typing
#> fw ctl set int asm_http_allow_connect 1
With this command, the kernel variable is modified; the message should disappear and the connection should be allowed. This change will not survive a reboot of the machine. Remember that making this modification might decrease the security provided by Next Generation. For a permanent change of this parameter, please contact your local support partner. |
No warranty at all; your feedback is welcome!
© 2003-2010 AERAsec Network Services and
Security GmbH, last change 2003-09-09