Troubleshooting guide
52
Chapter 7: Troubleshooting Security Servers and Content Security
In This Chapter:
HTTP Security server
How to Improve HTTP Security Server performance in a High Performance Environment (p. 54)
Environment (p. 54)
Hardware (p. 54)
IP Interface (p. 55)
The Software (p. 55)
VPN-1/FireWall-1 Rule Base (p. 55)
Diagram of the environment (p. 56)
Tuning (p. 56)
Performance Test (p. 57)
Conclusions (p. 59)
Resolving Common HTTP Security Server Problems (p. 59)
VPN-1/FireWall-1 Security server and HTTP 1.1 (p. 59)
Client Authentication issues related to the HTTP Security Server (p. 60)
HTTP Security Server and DNS (p. 61)
How to use CVP for content security with HTTP and/or a URI service on ports other than 80 (p. 62)
What rules are needed when setting up Content Security (p. 62)
Troubleshooting Security Server Performance problems (p. 63)
Test Plan (p. 63)
FTP Security Server
The FTP security server (p. 66)
Resolving Common FTP security server problems (p. 66)
FTP data connections are dropped by the FireWall (p. 66)
Allowing FTP data connections through the FireWall on random ports (p. 68)
Port command must end with a new line (p. 68)
Bi-directional FTP Data connections are not allowed (p. 68)
Fast mode and FTP (p. 68)
FTP connections hang during large file transfers (p. 68)
FTP PASV vulnerability (p. 69)
PORT command is blocked (p. 69)
FTP commands being blocked by the FTP Security Server (p. 69)
PWD command is not enabled on the FTP server (p. 69)
How to cross several VPN-1/FireWall-1 Authentication Daemons (p. 70)
How to add support for a new command to the ftp security server (p. 70)