Hi All,
In the setup there is Load Balancer (which upon inital client's http connection is doing 302 http redirect to https site).
After upgrading the software version on the LB, CheckPoint with IPS is dropping that 302 - and is sending TCP Rest packet to Load Balancer and HTTP/1.1 503 Service Unavailable to the client:
HTTP/1.1 503 Service Unavailable
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Proxy-Connection: close
Connection: close
Content-Length: 768 |
|---|
<HTML><HEAD>
<TITLE>Network Error</TITLE>
</HEAD>
<BODY>
<FONT face="Helvetica">
<big><strong></strong></big><BR>
</FONT>
<blockquote>
<TABLE border=0 cellPadding=1 width="80%">
<TR><TD>
<FONT face="Helvetica">
<big>Network Error (tcp_error)</big>
<BR>
<BR>
</FONT>
</TD></TR>
<TR><TD>
<FONT face="Helvetica">
A communication error occurred: ""
</FONT>
</TD></TR>
<TR><TD>
<FONT face="Helvetica">
The Web Server may be down, too busy, or experiencing other problems preventing it from responding to requests. You may wish to try again at a later time.
</FONT>
</TD></TR>
<TR><TD>
<FONT face="Helvetica" SIZE=2>
<BR>
For assistance, contact your network support team.
</FONT>
</TD></TR>
</TABLE>
</blockquote>
</FONT>
</BODY></HTML> |
There is a slight difference in http header of that 302 generated by Load Balancer on older and newer version:
| 1. Older software version of Load Balancer - CheckPoint not dropping it: |
|---|
HTTP/1.1 302 Moved Temporarily
Location: https://www.abs.com/
Connection: close
Cache-Control: no-cache
Pragma: no-cache |
| 2. New software version of Load balancer - 302 dropped by Checkpoint |
|---|
HTTP/1.1 302 Found : Moved Temporarily
Location: https://www.abs.com/
Connection: close
Cache-Control: no-cache
Pragma: no-cache |
Can you advise why IPS is dropping above (2) http 302 ? It does not 'like' colon in the header or something else ?
Thanks,
Andy
