[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] 4.1 SP2 and ALLOW_NON_SYN_RULEBASE_MATCH
http://www.phoneboy.com/fw1/faq/0408.html I left mine in, on the reasoning that 'they put it in there for a reason' and if you read the release notes it covers it very well. If you have a lot of these I suggest you look elsewhere for the cause (sync - network - switches - etc.) Don't forget that the connection will be re-transmitted and the user should see no problem. Paul -------------------------------------------------------------------------------------------- C. Paul Simons Corporate Network Services IHS Energy Group, Englewood, CO. Main:Direct:Fax:Mobile:Tom Sevy <[email protected]> Sent by: To: "Check Point FW List (E-mail)" [email protected] <[email protected]> kpoint.com cc: Subject: [FW1] 4.1 SP2 and ALLOW_NON_SYN_RULEBASE_MATCH 26-10-00 09:59 After upgrading two IP440's to 4.1 SP2, we starting seeing lots of drops on rule 0 with reason: unknown established TCP packet I uncommented the #define ALLOW_NON_SYN_RULEBASE_MATCH statement in lib/fwui_head.def and pushed the policy out. Cleared up the problem right away. Comment: This was disrupting communication from our Internal zone into the DMZ zone. Critical. Can't tolerate this. Questions: 1) How great is the danger of leaving this non-match in effect? 2) Wouldn't this create more problems if one of the Nokias fails over to the other? Seems there would be a painful period of re-establishing all TCP connections, and again when failing back to primary Nokia. ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|