Browse FAQs

Issues with NetBotz Appliances in Post-Only Mode and Some Firewalls

Published date: 23 July 2020


Issues with NetBotz Appliances in Post-Only Mode and Some Firewalls

Product Line:



Potentially any version


Default configurations of some IP based firewalls may cause problems with NetBotz appliances operating in Post-Only mode due to the fact that NetBotz appliances inserts custom information in to the HTTP headers.

NetBotz appliances in post-only mode must include additional identification & session information in all HTTP traffic sent to a NetBotz Central. Many firewalls that perform packet inspection may remove the custom / proprietary headers from the HTTP traffic or drop the packets all together. Either of these actions will cause the NetBotz appliances to be unable to communicate with a NetBotz Central in post-only mode.

The symptom to this would be NetBotz appliances in post-only mode that can NOT successfully register with the NetBotz Central. Viewing the firewall's log may indicate that the packets from the NetBotz appliance contains proprietary or unknown headers.*


The solution is to change the configuration on the firewall to not remove unknown / proprietary headers or not drop packets with this information.

NetBotz has discovered that WatchGuard Firewalls are configured by DEFAULT to strip out unknown headers. To change configuration on a WatchGuard Firewall use this procedure:
  • From the Watchguard Policy Manager bring up the current configuration for the Firewall
  • Double click on the HTTP service
  • Choose the properties tab
  • Choose the settings button
  • uncheck ""Remove unknown headers""
  • Click the ok button
  • Click the ok button again to exit the http service configuration
  • Save the configuration for the changes to take affect.


Was this helpful?

What can we do to improve the information ?

Can't find what you are looking for?

Reach out to our customer care team to receive information on technical support, assistance for complaints and more.