andrzej starmach

Why Checkpoint is dropping http 302 redirect?

Discussion created by andrzej starmach on Mar 16, 2018
Latest reply on Mar 21, 2018 by Dameon Welch Abernathy

Hi All,

In the setup there is Load Balancer (which upon inital client's http connection is doing 302 http redirect to https site).

After upgrading the software version on the LB, CheckPoint with IPS is dropping that 302 - and is sending TCP Rest packet to Load Balancer and HTTP/1.1 503 Service Unavailable to the client:

 

 

HTTP/1.1 503 Service Unavailable
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Proxy-Connection: close
Connection: close
Content-Length: 768

<HTML><HEAD>
<TITLE>Network Error</TITLE>
</HEAD>
<BODY>
<FONT face="Helvetica">
<big><strong></strong></big><BR>
</FONT>
<blockquote>
<TABLE border=0 cellPadding=1 width="80%">
<TR><TD>
<FONT face="Helvetica">
<big>Network Error (tcp_error)</big>
<BR>
<BR>
</FONT>
</TD></TR>
<TR><TD>
<FONT face="Helvetica">
A communication error occurred: ""
</FONT>
</TD></TR>
<TR><TD>
<FONT face="Helvetica">
The Web Server may be down, too busy, or experiencing other problems preventing it from responding to requests. You may wish to try again at a later time.
</FONT>
</TD></TR>
<TR><TD>
<FONT face="Helvetica" SIZE=2>
<BR>
For assistance, contact your network support team.
</FONT>
</TD></TR>
</TABLE>
</blockquote>
</FONT>
</BODY></HTML>

 

 

 

There is a slight difference in http header of that 302 generated by Load Balancer on older and newer version:

 

1. Older software version of Load Balancer  - CheckPoint not dropping it:
HTTP/1.1 302 Moved Temporarily
Location: https://www.abs.com/
Connection: close
Cache-Control: no-cache
Pragma: no-cache

 

 

 

2. New software version of Load balancer - 302 dropped by Checkpoint 
HTTP/1.1 302 Found : Moved Temporarily
Location: https://www.abs.com/
Connection: close
Cache-Control: no-cache
Pragma: no-cache

 

Can you advise why IPS is dropping above (2) http 302 ? It does not 'like' colon in the header or something else ?

 

Thanks,

Andy

Outcomes