smart defense blocking external users browsing webpage.

[intehnet]

all,

i'm doing some work for a client whose rulebase is allow all except denied (i know, shocking).. but forces users to go out on port 8080 via their proxy by blocking port 80 outbound.
I have enabled smartdefense AI, HTTP protocol inspection "Apply to all connections" and "Perform optimized protocol enforcement" to stop peer to peer and spyware.

This is doing a good job, HOWEVER, when EXTERNAL INTERNET BASED users browse our website in one of our DMZ's.. they get knocked back if they're spyware infected!!! How do I allow ALL traffic to hit the webserver regardless of smartdefense??

Thanks,

jimmy

[intehnet]

Sorry to bump, but does anyone have any idea's on this?

[Lackie]

What is the error that you see when this happens?

[intehnet]

i get the usual error message that the packet has been dropped due to "HTTP HEADER: Gator" or similar.. depending on what spyware the client has installed i presume

[Lackie]

What you can try is to create another Service that uses port 80 (httpinbound). In the Advanced section of the service, change the protocol type to 'None'. This should turn off smartDefense checks for that service. Use that service in the rule used to allow the inbound traffic to the webservers.

[intehnet]

ah, genius! thank you!

i think turning off "products: webserver" in the object info has also stopped this.. i think what you've suggested and the above has the same result, smartdefense not treating the packets as scannable HTTP traffic.

thanks for your advice