CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.




Thread: HTTP traffic from Checkpoint to Netscreens

  1. #1

    HTTP traffic from Checkpoint to Netscreens

    Hi all,

    Does anybody have any suggestions on a little problem I have?

    I am running NGAI R55 with HFA_04 for IPSO 3.8 and have several Netscreen 5GTs with VPN tunnels. I have a rule in the CP rule base which allows encrypted traffic and rejects unencrypted traffic. In the CP community I have excluded the HTTP service from encryption, as I was unable to log into the Netscreens over HTTP to manage them (I get the following messages):
    (CP error)
    encryption fail reason: Packet is dropped because there is no valid SA - please refer to solution sk19423 in SecureKnowledge Database for more information
    (Netscreen Error)
    Rejected an IKE packet on untrust because the peer sent a proxy ID that did not match the one in the SA config
    This was all working fine, but now I have some PC audit software which reports back to a server behind CP over HTTP, and hence the packets are dropped as they are not encrypted.

    Any suggestions would be welcome, Thanks

  2. #2

    Re: HTTP traffic from Checkpoint to Netscreens


    Can you exclude HTTP traffic in the VPN at the Juniper side also? Please, anybody can correct me if I was wrong... this is my first reply.
