Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Is it CheckPoint or is it MS IE5.5??

Status
Not open for further replies.
Footnotes

Footnotes

Technical User
Jul 30, 2002
18
0
0
US
We recently moved from a Raptor FW to CheckPoint NG (nested behind a Raptor). Starting about this time we had a number of users reporting that they can get to the desired website, but then get the "The page cannot be displayed" message. This happens when they use a search engine or try to bore down into the site.

Some pertinent facts:
1. Nested firewall setup, with CheckPoint NG on the inside, Raptor 6.5.3 on the outside
2. Problem seems to be with certain web sites' search engines
3. The sites work inside of our firewall when using Netscape to view them (no proxy necessary), but fails with MSIE (regardless of proxy settings)
4. The sites work outside of our internal CheckPoint firewall using MSIE proxying off the Raptor firewall
5. The sites work when using MSIE and proxying to the Raptor firewalls, but only on the first attempt. All subsequent attempts fail with the same generic error message, "Page Cannot Be Displayed"
6. HTTP GET comes from user's browser, response from web server includes
TCP Window Size=0 on failures. On successes, the TCP Window Size is normal.
7. MTU size coming from these sites is no bigger than 1490 Bytes.


Here's the URL that we're having trouble with:

Here's another web site's search engine that's causing us problems:

Any suggestions are appreciated.
 
Sort by date Sort by votes
are you using http with resource (e.g. AV) in the firewall rules as i have found that this sometimes interferes with search engine sites.

do you have activex stripping set as this will stop some search sites.
 
Upvote 0 Downvote
Piloria--Yes we are running resources with http. We are using Rule #1 for logging purposes. We are not using ActiveX stripping.
 
Upvote 0 Downvote
Piloria- Your suggestion has fixed the problem. We removed the HTTP URL resource and the problem appears to have cleared up. Thank you for your help...Footnotes
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
146
Johnkite
Johnkite
Russtoleum
  • Locked
  • Question
SW GVC won't route traffic through sonicwall to offsite tunnel unless it leases an ip on the same su
Replies
1
Views
61
Russtoleum
Russtoleum
Tommy_T
  • Locked
  • Question
Sonic wall - Have an issue remotely connectioning VNC and SMB (and AFP) to one of the 2 ISP circuits
Replies
1
Views
121
nnaarrnn
nnaarrnn
MottoK
  • Locked
  • Question
Cisco ISE blank GUI
Replies
0
Views
109
MottoK
MottoK
mattbarkerlfc
  • Locked
  • Question
Checkpoint 2200 subnet overlap problem
Replies
0
Views
39
mattbarkerlfc
mattbarkerlfc

Part and Inventory Search

Sponsor

Back
Top