CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.

First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E


Results 1 to 2 of 2

Thread: HTTP traffic from Checkpoint to Netscreens

  1. #1
    Join Date
    Rep Power

    Default HTTP traffic from Checkpoint to Netscreens

    Hi all,

    Does anybody have any suggestions on a little problem I have?

    I am running NGAI R55 with HFA_04 for IPSO 3.8. and have several Netscreen 5GT's with VPN tunnels. I have a rule in the CP rule base which allows encrypted traffic and rejects un-encrypted traffic. In the CP community I have excluded the HTTP service from encryption as I was unable to log into the Netscreen over HTTP to manage them (get the following messages)
    (CP error)
    encryption fail reason: Packet is dropped because there is no valid SA - please refer to solution sk19423 in SecureKnowledge Database for more information
    (Netscreen Error)
    Rejected an IKE packet on untrust because the peer sent a proxy ID that did not match the one in the SA config
    This was all working fine but now I have some pc audit software which reports back to a server behind CP over HTTP and hence drops the packets as they are not encrypted.

    Any suggestions would be welcome, Thanks

  2. #2
    Join Date
    Rep Power

    Default Re: HTTP traffic from Checkpoint to Netscreens


    Can you exclude HTTP Traffic in VPN at Juniper Side also , please anyboday can correct me if i was wrong ...this is my first replay

Similar Threads

  1. Smartdefense blocks the http traffic
    By naddepally in forum IPS Blade (Formerly SmartDefense)
    Replies: 6
    Last Post: 2010-07-06, 04:58
  2. Bandwidth issue fo all HTTP/FTP traffic
    By ascssmith in forum IPS Blade (Formerly SmartDefense)
    Replies: 34
    Last Post: 2010-03-06, 18:56
  3. HTTP Traffic over proxy in DMZ
    By djsven in forum Services (TCP, UDP, ICMP, etc.)
    Replies: 8
    Last Post: 2007-08-03, 03:31
  4. question: Malformed HTTP Traffic
    By Alex_BT in forum IPS Blade (Formerly SmartDefense)
    Replies: 0
    Last Post: 2006-06-14, 09:23
  5. Checkpoint NG site VPN HTTP prpxy traffic
    By gold01 in forum Miscellaneous
    Replies: 4
    Last Post: 2005-12-12, 23:46


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts