
RE: [FW1] unknown established tcp packets...



Yeah, I know that these are because there is no state table entry for the TCP session, and I know how to make these dropped packet messages go into the bit bucket, but that was not really what I was asking....

I was more interested if having a high number of these is normal or a symptom of a problem.


-----Original Message-----
From: root [mailto:root]On Behalf Of Cristian Nicolae
Sent: Saturday, September 30, 2000 5:22 PM
To: Carl E. Mankinen
Cc: [email protected]
Subject: Re: [FW1] unknown established tcp packets...


Carl,
Have a look at http://www.phoneboy.com/fw1/faq/0408.html on this problem
Cristian

"Carl E. Mankinen" wrote:
>
> I have been noticing since I upgraded to 4.1 SP2 that my logs are getting a lot more of these rule 0 drops than I had ever seen before.
> From what I understand, this happens because the firewall is receiving a TCP packet with the established bit set and it has no session information in its state tables to verify that this is a valid conversation.
>
> Is this something that just happens a lot with TCP conversations and nothing to be concerned about, or is this a symptom of some problem which I should pay closer attention to? The packets which are causing the rule 0 drop are invariably arriving at the outside interface.
>
> I know I can prevent this from being logged, but I would rather make sure that I am not covering up a problem before I do this. My interfaces on all my routers look really clean, and the settings on the firewall properties for TCP session timeouts are set for 30 minutes.
>
> Could this be a problem with my fw dropping its state table entries?
>
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================


