Technical FAQs


Issues with NetBotz Appliances in Post-Only Mode and Some Firewalls

Issue:

Issues with NetBotz Appliances in Post-Only Mode and Some Firewalls

Product Line:

NetBotz

Environment:

Potentially any version

Cause:

The default configurations of some IP-based firewalls may cause problems with NetBotz appliances operating in Post-Only mode, because NetBotz appliances insert custom information into the HTTP headers.

NetBotz appliances in post-only mode must include additional identification & session information in all HTTP traffic sent to a NetBotz Central. Many firewalls that perform packet inspection may remove the custom / proprietary headers from the HTTP traffic or drop the packets altogether. Either of these actions will leave the NetBotz appliances unable to communicate with a NetBotz Central in post-only mode.

The symptom is that NetBotz appliances in post-only mode can NOT successfully register with the NetBotz Central. The firewall's log may indicate that the packets from the NetBotz appliance contain proprietary or unknown headers.

Resolution:

The solution is to change the configuration on the firewall to not remove unknown / proprietary headers or not drop packets with this information.

NetBotz has discovered that WatchGuard Firewalls are configured by DEFAULT to strip out unknown headers. To change the configuration on a WatchGuard Firewall, use this procedure:
  • From the WatchGuard Policy Manager, bring up the current configuration for the Firewall
  • Double click on the HTTP service
  • Choose the properties tab
  • Choose the settings button
  • Uncheck "Remove unknown headers"
  • Click the ok button
  • Click the ok button again to exit the HTTP service configuration
  • Save the configuration for the changes to take effect.
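
To check whether a firewall on the path removes unknown headers, before and after the change above, the following added example (not NetBotz or WatchGuard code) runs an echo listener on a host on the NetBotz Central side and a probe on the appliance side. The header names and values are constructed placeholders, since this page does not name the real NetBotz headers, and the function names are hypothetical.

```python
import http.client
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed placeholder headers: the page does not name the real NetBotz headers.
PROBE_HEADERS = {"X-Example-Session": "probe-1234", "X-Example-Device": "test-unit"}


class EchoHandler(BaseHTTPRequestHandler):
    """Receiving side (where NetBotz Central sits): echo the headers that arrived."""

    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        body = json.dumps({k.lower(): v for k, v in self.headers.items()}).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence per-request logging
        pass


def start_echo_server(host="127.0.0.1", port=0):
    """Start the echo listener in a background thread; port 0 picks a free port."""
    server = HTTPServer((host, port), EchoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def classify(sent, seen):
    """Compare sent headers with those the receiver saw (names lower-cased)."""
    verdict = {}
    for name, value in sent.items():
        got = seen.get(name.lower())
        verdict[name] = "stripped" if got is None else ("intact" if got == value else "modified")
    return verdict


def probe(host, port, headers=PROBE_HEADERS, timeout=5):
    """Sending side (appliance network): POST the probe and report what survived."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("POST", "/probe", body=b"ping", headers=headers)
        return classify(headers, json.loads(conn.getresponse().read()))
    except (OSError, http.client.HTTPException, ValueError) as exc:
        return {"error": f"no usable reply (dropped or blocked?): {exc}"}
    finally:
        conn.close()
```

A result of "stripped" for the placeholder headers matches the header-removal behaviour described above, while an "error" entry points to the packets being dropped instead.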


     