First, sorry if this is in the wrong place. I placed it here because it was an issue encountered with forward proxying however I appreciate that this may be firewall related.
OK one of my colleagues was testing an app that connects to the internet to talk to a licencing server and it wasn't working.
The traffic wasn't appearing in the Web Filter live logs so I asked him to install Fiddler on his pc and retest which is where it got interesting.
Fiddler threw up a Protocol Violation Report for HTTP Protocol Violations because it found an extra whitespace in request line.
Using Fiddler to correct, this my colleague found that the app could then connect and register it's licence.
Now my question is, if this isn't being logged in the Web Filter live log then I'm assuming that UTM is detecting this protocol violation and is blocking at a different layer/service however I couldn't track down where this was or what log to check for this. Anyone have any ideas? I just want to know in case this crops up again.
For info, we're not using Intrusion Prevention or Web Application Firewall. This is a backend UTM forward proxy that upstreams to an edge firewall
thanks
Mark
This thread was automatically locked due to age.
