said by HELLFIRE:This is not the first time some "legitimate" HTTP/HTTPS application get zapped. It is possible that the application does not employ standard RFC somewhere hence the zapper sees them as illegitimate traffic to zap. It is then about tune the zapping level in addition to be using the trusted/proven zapping method and/or appliance.
Thanks for the advice, will keep it in mind. Like I said in the beginning, nearly ALL HTTP/S traffic I ever ran
with CBAC on didn't have an issue; I don't think I use all possible HTTP/S connections out there, but all the typical
stuff these days -- std HTTP/S pages, logins, youtube, HTTP downloads, etc. ALL played nicely EXCEPT JDownloader
updates which used an HTTPGET BUT "ip inspect http" SOMEhow thought it was not a valid setup / connection
and killed the session.