Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

answered 2024-09-28 16:35:37 +0000

SYN-bit gravatar image

Thanks for the packet capture. Am I right in assuming that 10.133.192.95 is the application server and 172.16.223.11 is the forcepoint proxy?

What I notice in the packets is:

  • The TTL of the SYN/ACK is 127, while the TTL of the RST is 128
  • The mac addresses involved are a Microsoft one and a Checkpoint one

So to me it seems there is a Checkpoint firewall in between that seems to reset the connection, based on the desination host in the CONNECT request. Can you confirm this? And is there an URL filter list active on the checkpoint firewall?