SSLv3: Malformed Packet (field lengths do not match)

[switzer]

We are getting this issue when looking doing a bank transfer.
Currently in order to get this working we are having to turn off smart defence.
This issue has only occurred it seems since we upgraded to NGX.
A suggested workaround was to in Smart defence/Application intelligence
Vpn protocols - turn SSL enforcement to Monitor Only.
Another user has said this worked for him.
However - this means that while its off we are unprotected against
malformed SSL packets.
I am wondering if the bank BACS service has an unusual type of SSL packet
and NGX is picking up on it though NG didnt.
Or maybe the bank have changed the SSL format of their packets .
Anyone else had this happen since upgrading to NGX R61 ?

Steve

[chillyjim]

I find that a lot of the SSLv3 that's out there is broken. In many cases it comes down to a web server issuing a v2 handshake and then switching to v3.

Try to open a call with TAC, and get your Check Point SE or reseller involved right away with it. I've found the SmartDefense team to be very helpful when you can finally get a call escalated to them.