HAProxy community

Getting BADREQ 408 only externally


Hi, I’ve been digging the internet all night trying to figure out this issue.

So basically I installed a HA Proxy instance to be used as Reverse Proxy.

This is my simple haproxy.conf config:


HAProxy internal IP:

HAProxy External IP: 212.x.x.102 NAT’d to internal

Apache server IP:

My workstation internal IP:

My workstation External IP: 212.199.xx.xxx

Checkpoint Policy & NAT:

Policy rule - https://i.imgur.com/drtYkQ6.png

NAT rule - https://i.imgur.com/jlt2jaL.png

All the packets in the firewall are accepted, none are blocked.

now, there are 2 scenarios:

  1. Testing in LAN ( Successfully ): shlomitest1.prv.co.il pointing to

HAProxy Log: https://pastebin.com/jLvbtXnk

TCPDump Log: https://pastebin.com/0SPSkGhf

  1. Testing from WAN ( Unsuccessful ): shlomitest.prv.co.il pointing to 212.x.x.102.

HAProxy Log: https://pastebin.com/MdSUpyUz

TCPDump Log: https://pastebin.com/ypajJ6nN

This is really all the information I managed to collect.

I’m pretty lost right now as I tried everything I could :X

Appreciating any help!

Thank you



Haproxy never receives any actual request. The connection is established but there is no actual HTTP request in there and after 50 seconds it times out (you can see that by the cR disconnection reason and the 408 response).

What are the checkpoint logs saying?

It could theoretically be an MTU issue, but the first request should be quite small, so I really don’t get it.

What happens if on the Checkpoint instead of pointing to haproxy at, you point to the Apache server instead (just to check if the issue is also happening when the checkpoint points directly to