Re: Raptor Port 443



Greetings!

Bill_Royds@pch.gc.ca wrote:

> Raptor enforces TLS/SSL (as a good firewall should).
> It requires the HTTPS Hello as first transaction and the transaction
> headers to be correct for HTTPS.
>  It will not allow arbitrary binary through the HTTPS protocol as FW-1
> might.
> Perhaps your application is trying to avoid firewall checking by tunneling
> over the HTTPS port.
> If it is really binary, use another port with a GSP (General Service
> Protocol) for it, but don't expect any security checking.

...and remember to disable the HTTPS from your HTTP security daemon
if you need to use TCP/443 for the binary protocol, because on Raptor you
can have only one daemon listening to a specific port.

So if you want to use HTTPS alongside the binary TCP/443 protocol
you have to see above. But with this you lose HTTPS (TLS/SSL) enforcement
for your plain HTTPS, too.

Bye
    Volker


--

Volker Tanger  <volker.tanger@detewe.de>
 Wrangelstr. 100, 10997 Berlin, Germany
    DiSCON GmbH - Internet Solutions
         http://www.discon.de/
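
An added example, not part of the original thread and not Raptor's code: a sketch of the kind of first-packet check described above, deciding whether the first client bytes on TCP/443 form an SSL/TLS ClientHello or something else. The function name, verdict strings and sample bytes are assumptions constructed for illustration.

```python
import struct

MAX_RECORD = 2 ** 14  # largest plaintext TLS record body

def classify_first_bytes(data: bytes) -> str:
    """Classify the first client bytes seen on a TCP/443 connection."""
    if len(data) < 6:
        return "too-short"
    ctype, major, minor, rec_len = struct.unpack("!BBBH", data[:5])
    # SSLv3/TLS record header: type 0x16 (handshake), version 3.x, length
    if ctype == 0x16 and major == 0x03 and minor <= 0x04:
        if not 0 < rec_len <= MAX_RECORD:
            return "bad-record-length"
        # First handshake message from a client must be ClientHello (type 1)
        return "tls-client-hello" if data[5] == 0x01 else "not-client-hello"
    # SSLv2-format hello: high bit set in 2-byte length, msg type 1, version
    if data[0] & 0x80 and data[2] == 0x01 and (
        (data[3], data[4]) == (0x00, 0x02) or data[3] == 0x03
    ):
        return "sslv2-client-hello"
    return "not-tls"

# Constructed sample prefixes (not captured traffic)
SAMPLES = {
    "tls": bytes.fromhex("16030100c8010000c40303"),
    "sslv2": bytes.fromhex("802e0103010015"),
    "ssh": b"SSH-2.0-example\r\n",
    "http": b"GET / HTTP/1.1\r\n",
    "fake": bytes.fromhex("1603010005170000"),
}

def classify_samples() -> dict:
    """Run the classifier over every constructed sample."""
    return {name: classify_first_bytes(raw) for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:6} {verdict}")
```

A check like this only validates the opening of the handshake; it says nothing about what is carried once the session is encrypted.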

