Not sure if this should be a Security Forum Q or a Network Forum Q but here goes:

We have an Apache webserver protected by an appliance firewall (Symantec VelociRaptor). I can successfully access SSL pages on this server through the firewall using a Windoze client but cannot access the same pages through the firewall using a Linux client (using the same client IP address). The Linux client can successfully access the pages when the firewall is not in the way. Clearly the firewall is successfully passing 443 since the Windoze client works.

Symptoms are that Mozilla pops up a box about the certificate authority (does this at both locations and this is quite reasonable) then when you acknowlege this is "stalls" for a long time then pops up a box saying "connection terminated abnormally. Some data may have been transferred". Packet capture shows the client repeatedly PUSHing what seems to be the same packet and the server repeatedly ack'ing this sequence number.

I'm kind of guessing that the firewall may be altering the packet some way as it passes it and that Linux/Mozilla can't handle the change.

Has anyone else struck this? If so do they have any ideas as to what the firewall may be doing to stuff up the linux client (the firewall is linux-based BTW so it isn't sabotage by Uncle Bill ).

Any ideas appreciated.
Thanx
Rick

Since you established SSL "works" (which is functionality that provides some form of secured access, not a security issue) this ain't a Linux - Security forum question by my std's. I would suggest two things: testing with more (preferably non-mozilla) Linux clients. If those tests succeed, then in the case it appears to be network munging by the Raptor you should be heading for either Symantec support (as you payed for the package, right?) or something like experts-exchange. After all it's not we don't wanna help, but this community is somewhat centered around Linux.