Advisory: Support Portal Maintenance. Login is currently unavailable, more info available here.

Traffic inspection bug relay_invalid_traffic

Parents
  • Thanks to everyone who has reported sites or applications that trigger the HTTP pipelining issue.

    Could you also confirm which firmware version you are using when you make these reports. There were some issues addressed in v18.0 MR4 where packet boundary issues sometimes caused the Firewall to report pipelining where it wasn't actually being used. If you're not using MR4, it would be great if you could upgrade and see if the problem persists.

  • I am using v18.0 MR4.
    Unfortunately, there are still issues.

  • Trying to reproduce the issue with MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT, I see similar requests from Windows machines on my network but they are never getting blocked or logged as pipelined.

    The requests to go.microsoft.com/fwlink/... always gets a status_code="302" response - a redirection.

    They are always followed in the log by a request to dmd.metaservices.microsoft.com

    There is then another request to go.microsoft.com/fwlink/... but this always seems to come over a new TCP connection (it has a different source port), so it cannot be Pipelined.

    Perhaps you could take a look in the detailed log viewer and filter it on "go.microsoft.com". It would be interesting to see (a) how often these requests are blocked as Pipelined, and (b) if there are requests logged immediately after or before the 'blocked' ones that might give us some hints as to why some are OK and some not.

  • Thank you for your support.

    (a) "HTTP pipelined request encountered." was 1/64.
    (b) There was no access from the same source port.

    And Denied with reason="" was 18/64.
    When is this? Is this related?

Reply Children
No Data