Some traffic is bypassed / dropped by Anti-Bot (depending on engine settings) with the following reason:
Could not connect to x.x.x.x:8080. Failed to connect to Check Point Anti Malware detection service:
SmartView Tracker shows alert logs from the URL Filtering blade: "Internal System Error occured" for HTTP sites.
The cpstat -f RAD_status urlf command shows: "Cannot connect to cws.checkpoint.com".
RAD debug (rad_admin rad debug on all) shows:
[rad_http_response_runner.cpp:105] CRadHttpResponseRunner::run: [INFO] run chain 'CRadHttpResponseParseStatus' is ok, total read = 0
[rad_http_response_find_content_length.cpp:130] CRadHttpResponseFindContentLength::run: [INFO] enter to ...
[rad_http_response_find_content_length.cpp:77] CRadHttpResponseFindContentLength::parse: [INFO] enter to ...
[rad_http_response_find_content_length.cpp:87] CRadHttpResponseFindContentLength::parse: [ERROR] 'Content-Length: ' is not found
[rad_http_response_runner.cpp:94] CRadHttpResponseRunner::run: [ERROR] error running chain <CRadHttpResponseFindContentLength>
[rad_http_response.cpp:71] CRadHttpResponse::handle_data: [ERROR] CRadHttpResponse:0x84a2d6c error processing response buffer
[rad_connection.cpp:472] CRadConnection::CRadPender::handle_data: [ERROR] error processing http response
[rad_connection.cpp:876] CRadConnection::handle_data: [ERROR] error reading: 0x840db58, _dlen = 256
[rad_fwconn.cpp:1141] CRadFwConn::handle_data: [ERROR] error on data handle
Kernel debug (of APPI and RAD_KERNEL modules) shows:
{policy} [ERROR]: appi_rad_uf_cmi_handler_match_cb_handle_url: rad_kernel_api_async_get_resource() failed, error: service is down;
{policy} [ERROR]: appi_rad_uf_cmi_handler_match_cb: appi_rad_uf_cmi_handler_match_cb_handle_url() failed;
{global} rad_kernel_api_check_service_status: service is down;
{global} rad_kernel_api_async_get_resource_ex: RAD service is down;
Cause
The HTTP response packets arrive at the Security Gateway modified. For example, a 3rd party proxy server changes the order of the header fields.
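
One way to check a capture for this cause, as an added example (not Check Point code and not part of the original article): it compares the header block of a response captured directly with one captured after the proxy, and reports whether the header order changed and whether the exact 'Content-Length: ' string quoted in the RAD error is still present. The sample responses, the function names, and the rewritten-case and chunked checks are assumptions that go beyond the reordering case named above; how RAD parses responses internally is not described on this page.

```python
"""Added example: compare a direct and a proxied HTTP response head."""

RAD_LITERAL = b"Content-Length: "  # exact string from the RAD [ERROR] line on this page


def parse_fields(head: bytes) -> list:
    """Return [(name, value), ...] for the header lines after the status line."""
    fields = []
    for line in head.split(b"\r\n")[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            fields.append((name.strip().decode("latin-1"),
                           value.strip().decode("latin-1")))
    return fields


def diagnose(raw: bytes) -> dict:
    """Summarise what a literal-string header search would see in this response."""
    head = raw.partition(b"\r\n\r\n")[0]  # headers only, body excluded
    fields = parse_fields(head)
    lowered = {n.lower(): v.lower() for n, v in fields}
    return {
        "order": [n for n, _ in fields],
        "literal_offset": head.find(RAD_LITERAL),  # -1 means the literal is absent
        "has_content_length": "content-length" in lowered,
        "chunked": "chunked" in lowered.get("transfer-encoding", ""),
    }


def compare(direct: bytes, proxied: bytes) -> list:
    """List the differences between the direct and the proxied response head."""
    d, p = diagnose(direct), diagnose(proxied)
    findings = []
    if d["order"] != p["order"]:
        findings.append("header order or names changed in transit")
    if d["literal_offset"] >= 0 and p["literal_offset"] < 0:
        if p["has_content_length"]:
            findings.append("Content-Length present but rewritten (case/spacing)")
        elif p["chunked"]:
            findings.append("Content-Length replaced by chunked transfer encoding")
        else:
            findings.append("Content-Length removed")
    return findings


# Constructed sample captures (assumptions for illustration, not from the page).
DIRECT = b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain\r\n\r\nhello"
PROXIED = (b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nVia: 1.1 proxy.example\r\n"
           b"content-length:5\r\n\r\nhello")
```

Feed `compare()` the raw bytes of the same response taken on each side of the proxy; an empty list means the headers reached the gateway unmodified in the respects checked here.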