[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: problem with port 443 traffic



> as for why they are getting blocked:
> dont modulate state, keep state on the https
> this works for me
jack the timeouts up (use the conservative optimization level).  IIS and
IE do some funky shit with how they honor the tcp FIN flag.  the default
timeouts could drop the connection after 15 minutes of idle time if one
endpoint doesn't honor the other endpoints close request (FIN flag).
alternatately, you could put a flags S/SA on the 'modulate state' rule
and return-rst non S/SA packets.  that _should_ work (it may depend on
the browser).
 
.mike