[jgarrote]

Hi all,

We want to protect our web server (apache) in a DMZ using static NAT from
Checkpoint NG R55, and SSL connections doesn't not work.

We have created two rules in the CP policy (for http and https protocol)
and two nodes (host) named "svr-WEB-DMZ" and "svr-WEB-Inet". Also we have
configured the Web server and we have created one SSL certificate.

External access to web server using HTTP, works fine, but using HTTPS the
firewall rejects the connection and the following message appears in FW
log: "Illegal LF-CR combination in HTTP header".

Finally we have configured web server without FW protection to test the
apache configuration, with a new SSL certificate, and both connections
(HTTP and HTTPS) works fine, thus we think the problem is the firewall
configuration.

Any suggestions or comments are welcome. Thanks in advance.

Jesus Garrote