Not sure if this should be a Security Forum Q or a Network Forum Q but here goes:
We have an Apache webserver protected by an appliance firewall (Symantec VelociRaptor). I can successfully access SSL pages on this server through the firewall using a Windoze client but cannot access the same pages through the firewall using a Linux client (using the same client IP address). The Linux client can successfully access the pages when the firewall is not in the way. Clearly the firewall is successfully passing 443 since the Windoze client works.
Symptoms are that Mozilla pops up a box about the certificate authority (does this at both locations and this is quite reasonable), then when you acknowledge this it "stalls" for a long time, then pops up a box saying "connection terminated abnormally. Some data may have been transferred". Packet capture shows the client repeatedly PUSHing what seems to be the same packet and the server repeatedly ack'ing this sequence number.
I'm kind of guessing that the firewall may be altering the packet some way as it passes it and that Linux/Mozilla can't handle the change.
Has anyone else struck this? If so, do they have any ideas as to what the firewall may be doing to stuff up the Linux client (the firewall is Linux-based BTW, so it isn't sabotage by Uncle Bill)?
Any ideas appreciated.
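
The capture pattern described in the post (one data segment pushed repeatedly while the peer's ACK number stays at the start of that segment) can be picked out of a text capture automatically. The following is an added example, not part of the original post; it assumes `tcpdump -nn` text output with relative sequence numbers, and the addresses, sample lines and function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed capture in `tcpdump -nn` text form (relative sequence numbers).
# Addresses are documentation ranges, not values from the post.
SAMPLE = """\
12:00:01.000 IP 10.0.0.5.40000 > 192.0.2.10.443: Flags [P.], seq 1:101, ack 1, win 229, length 100
12:00:01.040 IP 192.0.2.10.443 > 10.0.0.5.40000: Flags [.], ack 101, win 5840, length 0
12:00:01.100 IP 10.0.0.5.40000 > 192.0.2.10.443: Flags [P.], seq 101:1401, ack 1, win 229, length 1300
12:00:01.400 IP 192.0.2.10.443 > 10.0.0.5.40000: Flags [.], ack 101, win 5840, length 0
12:00:01.700 IP 10.0.0.5.40000 > 192.0.2.10.443: Flags [P.], seq 101:1401, ack 1, win 229, length 1300
12:00:02.300 IP 192.0.2.10.443 > 10.0.0.5.40000: Flags [.], ack 101, win 5840, length 0
12:00:02.900 IP 10.0.0.5.40000 > 192.0.2.10.443: Flags [P.], seq 101:1401, ack 1, win 229, length 1300
12:00:04.100 IP 192.0.2.10.443 > 10.0.0.5.40000: Flags [.], ack 101, win 5840, length 0
12:00:05.300 IP 10.0.0.5.40000 > 192.0.2.10.443: Flags [P.], seq 101:1401, ack 1, win 229, length 1300
"""

LINE = re.compile(
    r"IP (\S+) > (\S+): Flags \[[^\]]*\]"
    r"(?:, seq (\d+)(?::(\d+))?)?(?:, ack (\d+))?.*?length (\d+)"
)

def find_stalled_segments(capture, min_repeats=3):
    """Return data segments sent >= min_repeats times while the peer's ACK stayed at their start."""
    sends = defaultdict(int)   # (src, dst, seq_start, seq_end) -> times sent
    stuck = defaultdict(int)   # same key -> peer ACKs still equal to seq_start
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, dst, seq, seq_end, ack, length = m.groups()
        if ack is not None:
            # ACK from the peer equal to a segment's first byte: none of it is acknowledged.
            for key in sends:
                if key[:2] == (dst, src) and key[2] == int(ack):
                    stuck[key] += 1
        if seq_end is not None and int(length) > 0:
            sends[(src, dst, int(seq), int(seq_end))] += 1
    return [
        {"src": k[0], "dst": k[1], "seq": k[2:], "sends": n, "stuck_acks": stuck[k]}
        for k, n in sends.items()
        if n >= min_repeats and stuck.get(k, 0) > 0
    ]

if __name__ == "__main__":
    for hit in find_stalled_segments(SAMPLE):
        print(hit)
```

Running the same check on captures taken on both sides of the firewall shows whether the repeated segment ever appears on the server side and, if it does, whether its length and sequence range match what the client sent.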