[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] ALLOW_NON_SYN_RULEBASE_MATCH question
Hopefully you're also running SP 2 for 4.1. -Jeff -----Original Message----- From: [email protected] [mailto:[email protected]]On Behalf Of Peter Goodridge Sent: Friday, November 10, 2000 10:28 AM To: firewall list Subject: [FW1] ALLOW_NON_SYN_RULEBASE_MATCH question Hi, I have a frame relay network connecting my different sites as well as a site to site VPN. Under 4.0 when frame relay went down everything would fail over very nicely to the VPN and my users didn't even know there was a problem. However; under 4.1 I get the dreaded "unknown established TCP packet" message when a session already running on frame relay tries to use the VPN. I know I can fix this by defining ALLOW_NON_SYN_RULEBASE_MATCH; however I don't want to open any holes for all my other traffic by doing so. I'm wondering if there is a way do this just for predefined site to site VPNs. If that won't work I can try getting my frame relay routers to tunnel the traffic though the VPN thereby creating new sessions when fail over happens, but that's likely to get pretty complicated. Any other ideas would be welcomed. THX, Pete Goodridge __________________________________________________ Do You Yahoo!? Thousands of Stores. Millions of Products. All in one Place. http://shopping.yahoo.com/ ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|