Can't Verify Reverse Address/SSL??

[Footnotes]

We just upgraded to Raptor 7.0 from 6.0. The firewall log seems to have way to many warning messages that say "Can't verify reverse address". About 1/2 of these also contain "Mismatched reverse lookup".

We also seem to have an SSl problem that allows connections to secure sites but fails when any secure information is passed. The failure is in the form of "...This page cannot be displayed.." and the firewall contains an informational entry and no error entry.

Does anyone know what is causing the messages and how to get rid of them? Also, do you think the SSL problem is related? Thank you, Footnotes.

 

[lanceja]

Have you gone into config.cf file and set Reverse_mismatch (I think that is the line) to yes. That will still give you the error messages but will let everything work.

What ports do you have open for your SSL connections? I want to say that you need to open at least TCP443 for SSL but am not sure.

Hope this helps some.

 

[rlee1]

patch SG7000-20020819-00 blocked our ability to get into secure sites. I backed up to the patch prior to that one and it cleared up.

 

[rlee1]

ya just have to love this business

on the patch instructions for SG7000-20020819-00 it mentions nothing about editing the config.cf file. But, the knowledge base article does. so make sure you look in multiple places to get the proper instructions

"IMPORTANT: After applying the Hotfix bundle, add the following line to the config.cf file: httpd.tls_kernelproxy=0"


the location for the axtvpc.sys file is incorrect in the instructions also.

see article named
"Symantec Enterprise Firewall HTTPD vulnerability Hotfix bundle"