This is a production issue that I have currently and would appreciate any ideas as to why and how this is happening . We have an SAP portal whose name has currently been changed . A lot of users still know the old name but there is a huge effort to direct users to the new name. The issue is that the developers have not customized the old site with the new name so they are using redirection from one site to another to acheieve their goal.
For eg : old site name : http://www.siteold.com and IP address 10.1.1.1 and new site name http://www.sitenew.com and IP 10.1.1.2 . So when a user makes a request to http://www.sitenew.com he/she is automatically redirected to http://www.siteold.com and the reply goes out from 10.1.1.1 . This is an issue because the original destination IP was 10.1.1.2 and now the reply is coming from 10.1.1.1 . While this is not an issue at most sites , we have users in military (DoD) sites where when they hit the new site they get a blank page.
My assumption is that because the return traffic is coming from an IP that was not the original destination IP , and that the DoD FW or IPS/IDS is expecting a reply from 10.1.1.2 , the return packet is dropped.
My question is what rules/signatures on the DoD firewall/IPS/IDS would drop this traffic .
I would really appreciate it if someone could help shed some light on this topic as it is a feature we would like to implement as well and because I do not know what rules would caue this drop ... I am unsure as to how to implement it.