Getting BADREQ 408 only externally

Hi, I’ve been digging the internet all night trying to figure out this issue.

So basically I installed a HA Proxy instance to be used as Reverse Proxy.

This is my simple haproxy.conf config:

HAProxy internal IP:

HAProxy External IP: 212.x.x.102 NAT’d to internal

Apache server IP:

My workstation internal IP:

My workstation External IP:

Checkpoint Policy & NAT:

Policy rule -

NAT rule -

All the packets in the firewall are accepted, none are blocked.

now, there are 2 scenarios:

  1. Testing in LAN ( Successfully ): pointing to

HAProxy Log:

TCPDump Log:

  1. Testing from WAN ( Unsuccessful ): pointing to 212.x.x.102.

HAProxy Log:

TCPDump Log:

This is really all the information I managed to collect.

I’m pretty lost right now as I tried everything I could :X

Appreciating any help!

Thank you

Haproxy never receives any actual request. The connection is established but there is no actual HTTP request in there and after 50 seconds it times out (you can see that by the cR disconnection reason and the 408 response).

What are the checkpoint logs saying?

It could theoretically be an MTU issue, but the first request should be quite small, so I really don’t get it.

What happens if on the Checkpoint instead of pointing to haproxy at, you point to the Apache server instead (just to check if the issue is also happening when the checkpoint points directly to