Re: [FW1] unknown established TCP packet
From the 'release notes' for SP2:

  Feature Enhancements

  Managing TCP SYN Packets

  With this service pack, only TCP SYN (TCP connection initiation) packets are allowed to be matched to the rule base. Non-SYN connections that do not belong to any known connection are dropped. This change eliminates some cases where packets failed to undergo correct network address translation.

  This change causes the following side effects:

  - It blocks the traffic on any connections which have been inactive for a longer period than the TCP timeout. The change only affects the TCP traffic.
  - All TCP connections established before starting the FireWall will be blocked.
  - All TCP connections established before installing the first Security Policy after the upgrade from 4.1 FCS to 4.1 SP2 will be blocked.

  TCP connections blocked as a result of this change will be logged as unknown established TCP packets. To disable logging of this event, do the following:

  1. On the Management Module, open the file $FWDIR/lib/fwui_head.def.
  2. Uncomment the line #define NON_SYN_RULEBASE_MATCH_LOG

  The above side effects do not affect TCP connections between the VPN/FireWall Module and the VPN-1/FireWall-1 Management Station.

  To disable the change, do the following:

  1. On the Management Module, open the file $FWDIR/lib/fwui_head.def
  2. Uncomment the line: /*#define ALLOW_NON_SYN_RULEBASE_MATCH */
  3. Install the policy.

Most of the changes in SP2 were made as a result of a test somebody ran against FW-1 to break it - they succeeded (if somebody has this link please re-post it - I lost it).

Regards
Paul

--------------------------------------------------------------------------------------------
C. Paul Simons
Corporate Network Services
IHS Energy Group, Englewood, CO.
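To make the side effects in the quoted release notes concrete, here is an added model (not Check Point code, and not from either poster) of the SP2 "SYN-only rule base match" logic. The 5-tuple connection table, the 3600 s idle timeout, the constructed rule base and all addresses are assumptions chosen for the illustration.

```python
# Assumed model of FW-1 4.1 SP2 non-SYN handling; constructed for illustration.
from dataclasses import dataclass, field

TCP_TIMEOUT = 3600  # seconds; assumed idle timeout for an established TCP connection

@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool  # True for a connection-initiation (SYN) segment
    ts: int    # arrival time in seconds

@dataclass
class Firewall:
    rulebase: set                                # constructed rule base: {(dst, dport)} allowed
    allow_non_syn_rulebase_match: bool = False   # the ALLOW_NON_SYN_RULEBASE_MATCH define
    table: dict = field(default_factory=dict)    # connection key -> last-seen ts
    log: list = field(default_factory=list)

    def filter(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        seen = self.table.get(key)
        if seen is not None and pkt.ts - seen <= TCP_TIMEOUT:
            self.table[key] = pkt.ts        # known, live connection: refresh and pass
            return "accept"
        if seen is not None:
            del self.table[key]             # idle longer than the TCP timeout: forget it
        if not pkt.syn and not self.allow_non_syn_rulebase_match:
            # SP2 behaviour: a non-SYN packet with no known connection never reaches the rule base
            self.log.append("drop rule:0 reason: unknown established TCP packet")
            return "drop"
        if key[2:] in self.rulebase:        # SYN (or non-SYN with the define enabled) hits the rule base
            self.table[key] = pkt.ts
            return "accept"
        self.log.append("drop (no rule matched)")
        return "drop"

def scenarios(allow_non_syn=False):
    """Verdicts for the cases listed in the release notes, with or without the define."""
    fw = Firewall(rulebase={("10.0.0.5", 25)}, allow_non_syn_rulebase_match=allow_non_syn)
    new_conn = fw.filter(Packet("192.0.2.1", 40000, "10.0.0.5", 25, True, 0))        # normal SYN
    data = fw.filter(Packet("192.0.2.1", 40000, "10.0.0.5", 25, False, 10))          # data on it
    after_idle = fw.filter(Packet("192.0.2.1", 40000, "10.0.0.5", 25, False, 5000))  # idle > timeout
    pre_fw = fw.filter(Packet("192.0.2.9", 40001, "10.0.0.5", 25, False, 20))        # older than the FW
    return new_conn, data, after_idle, pre_fw, list(fw.log)
```

With the define left commented out, the idle and pre-existing connections produce exactly the "rule 0 / unknown established TCP packet" drops Oliver reports; enabling it lets those packets fall through to the rule base again.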
From: Oliver Bogen <[email protected]>
To: [email protected]
Subject: [FW1] unknown established TCP packet
Date: 16-11-00 10:40

Hey List,

I have a problem: I am getting this error message in the log:

  Action: drop
  Rule: 0
  Info: reason: unknown established TCP packet

The problem is, I updated from CP FW-1 4.1 SP1 to CP FW-1 4.1 SP2 on 31 October, so I can't believe that this connection was established before updating from SP1 --> SP2 ..... Also my rulebase has already been installed for 5 days, so this should also not be the problem?

Does anyone know what the problem could be?

Running on redundant NOKIA IP440 IPSO 3.2.1 via VRRP with NT Management.

Thanks in advance
Oliver

--
Sent through GMX FreeMail - http://www.gmx.net

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================