This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Pantsu
Contributor
‎2020-01-27 10:58 PM

r80.20 - Application Control - HTTP parsing error occurred (2)

hello 
I have URL filtering in checkpoint and when i try to enter in some web page it's writing this error in web browser:"Error: Error: The Web Socket transport is in an invalid state, transitioning into reconnecting". 
and in the smartconsol logs, there is these logs:

see it in screenshots.  

 

1) IPS detect , but accept

check_error2.jpg

2) Alert and Block Traffic

check_error.jpg

 

0 Kudos
12 Replies
G_W_Albrecht
Legend Legend
Legend
‎2020-01-27 11:56 PM

Much too small screenshots !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Pantsu
Contributor
‎2020-01-28 05:18 AM
In response to G_W_Albrecht

there are only these logs 

0 Kudos
PhoneBoy
Admin
Admin
‎2020-01-30 01:54 PM

Possible this is fixed in a recent JHF.
See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
Recommend getting the TAC involved.
0 Kudos
Pantsu
Contributor
‎2020-02-14 04:57 AM
In response to PhoneBoy

thanks .
i'll  try it in the weekend

0 Kudos
dumbhead123
Contributor
‎2020-05-12 11:06 AM
In response to Pantsu

I am seeing similar behavior with couple of firewalls on R80.20 too. While there are IPS detect messages with same error "HTTP parsing error occurred, bypassing request" under IPS with accept action.
This is observed on different ports too (may be the nature of traffic could be HTTP).

Did you happen to get a solution.
0 Kudos
Guillaume_CH
Explorer
‎2020-07-09 02:22 AM
In response to dumbhead123

Hello, anyone also seeing this issue ?

 

i am having in r80.20 too, i am seeing it also as an IPS logs

"HTTP parsing error occurred, bypassing request"

action is accept.

 

looks like it is on http(80) traffic between some app servers

no details on traffic, but i was wondering if it could be an issue in the HTTP protocol decryption process/library

 

thanks

 

0 Kudos
(1)
PhoneBoy
Admin
Admin
‎2020-07-09 12:15 PM
In response to Guillaume_CH

We might be able to fix this with a TAC case and packet captures of the relevant traffic.
0 Kudos
VIKAS1
Explorer
‎2025-05-28 05:47 AM
In response to PhoneBoy

Hi,

i am facing similar issue with R81.20 jhf 92,..find the logs below..

 

Id: d330ecfd-30a5-b4f5-6836-ff2000000001
Marker: @A@@B@1748421745@C@3663348
Log Server Origin: 14.195.0.0
Time: 2025-05-28T12:18:40Z
Interface Direction: outbound
Interface Name: bond1
Connection Direction: Outgoing
Id Generated By Indexer: false
First: false
Sequencenum: 27
Source Zone: Internal
Destination Zone: External
Service ID: http
Source: 10.199.X.X
Source Port: 56125
Destination: 199.X.X.X
Destination Port: 80
IP Protocol: 6
Xlate (NAT) Source IP: 125.X.X.X
Xlate (NAT) Source Port: 11027
Xlate (NAT) Destination Port:0
NAT Rule Number: 89
NAT Additional Rule Number: 0
User: XXX Helpdesk (XX-helpdesk@XX.local)
Source User Name: XXX Helpdesk (XX-helpdesk@XX.local)
Source Machine Name: XX-l01-ap03@XX.local
Src User Dn: CN=XX Helpdesk,OU=Administrative,DC=X,DC=local
Destination Updatable Object:Office365 Worldwide Services
Dst Uo Icon: @app/cp_ms_office365
Nat Rule Uid: 01cd4834-f23b-4f49-a121-b9f3f2113e23
Hll Key: 290745191648254730
Context Num: 1
Client Type: Other: Microsoft BITS/7.8
Precise Error: body filter failed in response
Proxied Source IP: 10.X.X.X
Reason: Application Control - HTTP parsing error occurred (2)
Action Reason: Blocking request as configured in engine settings of Application Control
Last Hit Time: 2025-05-28T12:18:40Z
Action: Block
Policy Name: RM2-Cluster-Policy
Policy Management: XX-FW-001
Db Tag: {2270F3A2-DE15-6440-9109-8B54430AD2B9}
Policy Date: 2025-05-28T11:45:24Z
Blade: Firewall
Origin: XX-RM2-FW01
Service: TCP/80
Product Family: Access
Logid: 15
Resource: http://au.download.windowsupdate.com/c/msdownload/update/software/secu/2025/05/windows10.0-kb5058383...
Access Rule Name: LAN
Access Rule Number: 35
Policy Rule UID: 595c5776-d1f0-4dec-9352-944d2eeefd8f
Layer Name: Application & URL
Interface: bond1
Description: http Traffic Blocked from XX Helpdesk (XX-helpdesk@XX.local)(10.X.X.X) to 199.X.X.X
Type: Connection, Alert

 

Preview file
16 KB
Preview file
82 KB
0 Kudos
PhoneBoy
Admin
Admin
‎2025-05-28 09:16 AM
In response to VIKAS1

There's an SK for this particular issue: https://support.checkpoint.com/results/sk/sk182330 

0 Kudos
VIKAS1
Explorer
‎2025-05-28 10:31 PM
In response to PhoneBoy

@PhoneBoy   i hv flowed the SK182330 and applied the policy but after policy installation success we hv got some succeeded with warning massage ..fyi, snap attached. 

Preview file
84 KB
0 Kudos
PhoneBoy
Admin
Admin
‎2025-05-29 04:16 PM
In response to VIKAS1

This is warning you that some of the Application Control signatures you've specified require HTTPS Inspection to be enabled and it's not on one of your gateways.

VIKAS1
Explorer
‎2025-05-29 09:47 PM
In response to PhoneBoy

@PhoneBoy thnks

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    In-Person

    Tue 07 Oct 2025 @ 09:30 AM (CEST)

    CheckMates Live Denmark!
    CheckMates Events