ProxyDeny: HTTP Invalid Request-Line format
Hi
i'm new to my company in IT Dept, and the 2 other people i'm workiong with are not familiar with Watchguard admin (neither do i, this only one who know it left several month ago before me)
we have a situation, where we need to allow a Forticlient VPN acces for some users, needed for a specific software.
for now, in our firewall, it's not working, we have this in our log
2023-01-10 17:23:50 Member2 Deny 10.0.3.123 194.51.68.77 https/tcp 63523 443 Reseau local FO-SFR ProxyDeny: HTTP Invalid Request-Line format (HTTPS-Inspect-TEST-00) proc_id="http-proxy" rc="595" msg_id="1AFF-0005" proxy_act="HTTP-HTTPS-Inspect-Test" geo_dst="FRA" line="\x00\x16PP\x00\x10\xc0!\x01\x01\x00\x0e\x01\x04\x05J\x05\x06|(\xa9b"
how can i allow this traffic ?
tried to snitch around the HTTP-HTTPS-Inspect-Test proxy rule, but can't find where to allow this.
Comments
The general recommendation for errors such as this is to add a HTTPS predefined packet filter, From: Any-trusted or the source IP addr To: the IP addr (194.51.68.77) or domain name of the site.
Make sure that this new policy ends up above the current HTTPS proxy policy - HTTP-HTTPS-Inspect-Test.
Hi, thanks
how do you make a HTTPS predefined packet filter in fireguard ?
edit : ok, just find out, i thougth i had to add a specific filter but it seems to work now
thanks
What tool are you using to manage your firewall config?
The Web UI or WSM Policy Manager?
Add Policies to Your Configuration
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/policies/add_policy_c.html