Hi all,
Does anybody have any suggestions on a little problem I have?
I am running NGAI R55 with HFA_04 for IPSO 3.8 and have several Netscreen 5GTs with VPN tunnels. I have a rule in the CP rule base which allows encrypted traffic and rejects unencrypted traffic. In the CP community I have excluded the HTTP service from encryption, as I was unable to log into the Netscreens over HTTP to manage them (I get the following messages):
(CP error)
Quote:
encryption fail reason: Packet is dropped because there is no valid SA - please refer to solution sk19423 in SecureKnowledge Database for more information
(Netscreen Error)
Quote:
Rejected an IKE packet on untrust because the peer sent a proxy ID that did not match the one in the SA config
This was all working fine, but now I have some PC audit software which reports back to a server behind CP over HTTP, and hence the packets are dropped as they are not encrypted.
Any suggestions would be welcome. Thanks