NGX SmartDefense PNG protection false positives

[Ezrae]

Hi,

I was wondering if anyone else out there is having this problem:

We upgraded to NGX, and since then we're having trouble with the PNG protection in Smart Defense.

When making a Webdav connection and attempting to upload a powerpoint (.ppt) or dynamically created PNG files from an ArcIMS mapping server the files are blocked with the PNG protection message in the logs.

Disabling PNG protection does not fix the problem.

We're running NGX on Nokia IPSO 3.9 Build 35.

Rolling back to R55W solves the problem, but rolling back permanently isn't really an option.

Thanks!
Jen

[Lackie]

We have a customer here with the same issue. Case has been escalated to Check Point and they are working on it. Sounds like an NGX bug.

[intehnet]

is this limited to the nokia build of NGX or all versions?

[dramirez]

CMA is running R61, the firewall is running R55 HFA17.

Some users were complaining of not being able to download stuff, in the logs: SD Microsoft Internet Explorer PNG Rendering

If I disable the PNG protection, they are able to get their stuff...

SD is creating me more problems with too many false positives, I'm starting to hate it.

[chillyjim]

Quote:

Originally Posted by dramirez

SD is creating me more problems with too many false positives, I'm starting to hate it.

SmartDefense may be blocking stuff you don't want it to, but it is very rare that it is a false positive. SmartDefense is very strict about how it intrupets the RFC/standards.

When you encounter something that you think is a false positive, please open a ticket. The more information the SmartDefense developers get the better, but don't be surprised if they come back and tell you SD is right and the file/site/whatever is broken. There is a lot of very poorly written websites and the like out there.