CheckPoint Firewall Web Intelligence and Admin Pages

I thought I’d share my experiences since I couldn’t find any threads dealing with this.
I work at a UK university and we are starting to trial WordPress but a colleague and I ran up against problems using specific features of specific WordPress admin pages.
The most repeatable problem occurred when attempting to Update User details.
On clicking the “Update User” button the connection was lost between the browser on our workstations and the WordPress server.
After re-checking fastcgi, php and WP config files I tested the same functionality using the browser on the server.
The Update user worked no problem at all.
So this meant some sort of network problem or a problem with the browser.
I checked web server logs, system logs and found nothing untoward.

Fortunately I know our network layout and I’m backup firewall admin.
The connection from our workstatins to the server passed through our CheckPoint firewall.
We also use a module called “Web Intelligence” which amongst a host of other things provides protection against SQL Injection attacks.

Lo and behold in the Firewall logs were the POST http requests trying to update our users details.

Web Intelligence interpreted part of the URL string as suspect and blocked the request.

Unfortunately even the lowest setting of protection blocked the request so I had to turn off SQL injection attack protection to the WP site’s IP address to allow the request through.

Fingers crossed URLScan correctly configured, will pick up enough suspect traffic: our trial is running on IIS6 with fastCGI and PHP 5.3.