NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Logs messages, I'm confused ??

Make sure that all of the rules in that policy got applied to that
particular firewall.  If you have a mix of "gateways" and "specific-fw"
in the "install-on" field, then you might have inadvertantly not applied
certain rules to that firewall.  Threfore the rule numbers wouldn't
match up.  Just one quick thought....

Jason

Simon Guo wrote:
> 
> I am more confused.
> 
> I have a rule 7 allowing a service with a rang of ports. And the logviewer
> shows the service ports are droped by rule 15 which is a "Accept" rule of
> other src/des/service.
> 
> Can anyone explain/speculate any possible cause of this? The service does be
> affected and I want the service up.
> 
> Thanks
> 
> Simon
> 
> -----Original Message-----
> From: Sukhpreet Singh [mailto:[email protected]]
> Sent: Friday, September 29, 2000 2:39 PM
> To: 'John Gesualdi'; fw
> Subject: RE: [FW1] Logs messages, I'm confused ??
> 
> They look like "drops" to me instead of "rejects". And seems like they're
> being dropped because of your rule # 59.
> 
> -----Original Message-----
> From: John Gesualdi [mailto:[email protected]]
> Sent: Friday, September 29, 2000 2:02 PM
> To: fw
> Subject: [FW1] Logs messages, I'm confused ??
> 
> I'm running FW1 4.0 SP5 on a Nokia. I have a Web server in my DMZ, I'm
> noticing
> allot of rejects in my logs for this web server. They look like these and
> I'm
> getting a whole bunch. The weird thing is that my site is up and I have not
> gotten any complaints from users trying to access it.
> 
> 21:59:59 drop   frt     >eth-s1p1c0 proto tcp src d181820ad.rochester.rr.com
> dst
> www service http s_port 2439 len 48 rule 59
> 
> 21:59:59 drop   frt     >eth-s1p1c0 proto tcp src cache-dg09.proxy.aol.com
> dst
> www service http s_port 50655 len 48 rule 59
> 
> The FW1  log viewer shows these coming from "daemon" and rule 0. Can someone
> try
> to explain this. I'm concerned that I may be losing hits. Thanks very much.
> 
> --
> John Gesualdi
> The Providence Journal Company
> Phone> Pager> CCDP,CCNP
> 
> ============================================================================
> ====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ============================================================================
> ====
> 
> ============================================================================
> ====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ============================================================================
> ====
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================


 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents � 2003 Network Presence, LLC. All rights reserved.