Inside the file was some hex with nothing in it. It seems the headers were getting messed up so the client got some data from the web server, didn't know what to do with it so downloaded it.
This was an issue with https inspection on the firewall. A hotfix install fixed the issue.
Check for any FW or IPS device in between client and server.
Check FW logs + web server logs (does traffic make it to inside server)
Check NAT -> inside IP
Is inside webserver up and working
Is inside web server getting the traffic
Took packet capture on outside could see the cert handshake trying over and over which indicates SSL issue.
No comments:
Post a Comment