CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

1. CCSA/CCSE One-Week Dual-Certification Training Course with CPUG in San Francisco!
    Courses Starting 12/8, (2009) 1/19, 2/9, 3/9, 4/6, 5/4, 6/8, 7/6, 8/3.
2. Join Us On LinkedIn - We now have a CPUG group.


Go Back   CPUG: The Check Point User Group > Check Point Firewall-1/VPN-1 And Related Products > SmartDefense
problems with internet traffic since smartdefence installed problems with internet traffic since smartdefence installed
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 2007-12-13
Junior Member
  
Join Date: 2006-09-13
Location: UK
Posts: 7
Rep Power: 0
jbuszard has an average reputation (10+)
Default problems with internet traffic since smartdefence installed
We have recently updated the smartdefence stuff so everything is up to date on it - previously we have never used it.

however since implementing it - we are having numerous problems with http and https traffic. we run our traffic through proxy servers - we use clearswift mimesweeper for web 5.1

since putting in smart defence we got alot of pages coming back with a page cannot be displayed - it occurs almost instantly.
its not the proxy as these aren't sites or pages we block and the proxy has pre-designed block pages that appear for users if they can't get access to something.

looking on the firewall i can't see anything in the smartdefence tracker that relates to it.
i have tried turning off all the web inteligence stuff in smart defence and this certainly helps with some of the https sites - however we still get the page cannot be displayed error coming up on various sites.

we particularly have problems with sites such as AA route planner, streetmap and similar sites.

if it was smartdefence blocking it i would expect it to appear in the smartdefence tracker - however it doesn't - but i do know that that tracker doesn't show all as some https sites didn't work or appear in the tracker but when i turned off the web inteligence stuff they worked.

anyone have any suggestions on how i can work out what is causing the problems?
Reply With Quote
  #2 (permalink)  
Old 2007-12-14
Senior Member
  
Join Date: 2007-01-18
Location: London
Posts: 375
Rep Power: 2
MarioL has an average reputation (10+)
Default Re: problems with internet traffic since smartdefence installed
I'd check the Smartdefense config, or maybe put it in monitor mode.

How is the firewall doing in terms of throughput and resources? Is it fine or is it having lots of work?
Reply With Quote
  #3 (permalink)  
Old 2007-12-14
Senior Member
  
Join Date: 2007-07-16
Posts: 603
Rep Power: 2
Thorpuse has an average reputation (10+)
Default Re: problems with internet traffic since smartdefence installed
Make a database revision (or if you're using R62 or higher, create a new SD profile) and turn off the SmartDefense protections (do NOT just put them in monitor mode, monitor mode still enforces the protection, but allows it through on the match. Sadly sometimes it's the scan that causes the problem, not the detection).

Once you've determined if the problem is an SD protection, you pretty much have to use trial and error to find out which section and which protection is causing the problem. Ones to look out for are the IE Malformed jpg/avi/pdf etc protections, the ASCII only header/response protections and the worm catcher.
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT -7. The time now is 17:57.

Contact Us - CPUG Home Page - Archive - Top

Powered by vBulletin® Version 3.7.4
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.2.0