LAN Routing
cancel
Showing results for 
Search instead for 
Did you mean: 

3com's "SPI and Anti-DoS firewall" blocks https

 
duli_1
Occasional Advisor

3com's "SPI and Anti-DoS firewall" blocks https

Hello:



I have a CentOS http webserver behind a 3com 3CR858-91 router (firmware updated - V1.15-168).



For no apparent reason, when I'm accessing my website from a remote computer via https connection, the router suddenly and randomly blocks the connection and I get a timeout.



This is what appears at the router's log:



2010.04.16 20:44:52 **Vecna Scan** 192.168.0.100, 443->> 189.33.97.18, 51857 (from WAN Outbound)



My webserve address is 192.168.0.100 and the 189.33.97.18 is the address of the remote computer I'm doing the tests from.



Well, of course my computer is not doing a "vecna scan" (I don't know what that means), since all I'm doing is access the website through https.



The funny thing is: the problem can only be reproduced if I use, on the remote machine, my other 3com router (a 3CRWER300-73, firmware also updated).



If I change the remote router for another one (d-link, siemens etc.), then the issue does not happen.



Also, if I disable the option "SPI and Anti-DoS firewall protection" on the webserver's router, then it all works just fine, no matter what router I have on the remote machine.



Just for clarification, the remote machine I'm talking about has Fedora 12 and the browsers I'm testing are firefox and google chrome and the problem happens with both, as long as I leave the SPI option on and use the 3com routers on both sides.



Another curious fact is the problem does not happen at all with http connections, just https.



Is it a bug in the 3CR858-91router? Is it possible to have 3com fix it?



Thanks a lot!



Luis Felipe