https://community.checkpoint.com/t5/Firewall-and-Security-Management/Threat-Emulation-failure-quot-Gzip-exceeded-maximum/m-p/258763#M50748 <P>I waited a few days with my answer to test the change. Apparently, it was precisely the function that was causing the issue, but the "Inspect compressed HTTP traffic" option wasn't selected (for whatever reason). Since selecting the option and increasing the limit, the messages in log-Files have disappeared and the websites load perfectly. Thank you so much!</P> Thu, 02 Oct 2025 08:25:27 GMT lraaicfdb 2025-10-02T08:25:27Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Threat-Emulation-failure-quot-Gzip-exceeded-maximum/m-p/258589#M50714 <P>Hello everyone,<BR />our security gateway is currently blocking Google pages from time to time. Threat emulation is stopping traffic with the error: HTTP parsing error occurred - Gzip exceeded maximum decompression ratio.</P><P>However, gzip is excluded in the Threat Emulation Blade. Can someone explain the error to me? What decompression ratio are we talking about here?</P><P>Thank you!</P> Tue, 30 Sep 2025 15:29:53 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Threat-Emulation-failure-quot-Gzip-exceeded-maximum/m-p/258589#M50714 lraaicfdb 2025-09-30T15:29:53Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Threat-Emulation-failure-quot-Gzip-exceeded-maximum/m-p/258594#M50716 <P>gzip in Threat Emulation refers to files with .gz.<BR />What this is referring to is the gzip compression that web servers sometimes do as part of the HTTP connection.</P> <P>HTTP Parsing Errors are usually triggered by specific inspection settings.<BR />There appears to be one for this:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/31582i5BEB07F123F292AE/image-size/large?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></P> <P>I don't believe disabling this option is a good idea.<BR />I would check with TAC here.</P> Tue, 30 Sep 2025 15:55:23 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Threat-Emulation-failure-quot-Gzip-exceeded-maximum/m-p/258594#M50716 PhoneBoy 2025-09-30T15:55:23Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Threat-Emulation-failure-quot-Gzip-exceeded-maximum/m-p/258763#M50748 <P>I waited a few days with my answer to test the change. Apparently, it was precisely the function that was causing the issue, but the "Inspect compressed HTTP traffic" option wasn't selected (for whatever reason). Since selecting the option and increasing the limit, the messages in log-Files have disappeared and the websites load perfectly. Thank you so much!</P> Thu, 02 Oct 2025 08:25:27 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Threat-Emulation-failure-quot-Gzip-exceeded-maximum/m-p/258763#M50748 lraaicfdb 2025-10-02T08:25:27Z