[FW1] Date: Fri, 24 Nov 2000 09:08:27 -0700
We have a lot of "message SYNDefender warning SYN->SYN-ACK->RST" entries in the FW log. The SRC is an internal machine and the DST is the internal IP of the FW. The src port is the ahttpd. This internal machine uses HTTP to access the internet with an HTTP resource and a CVP server.

The log entries are like:

    Inter.=daemon Action=reject Src=internal-box Dst=FW-internal-IP Rule=0 info.= the sync warning as above.

When we turn off the Passive SYN Gateway, the error changes to:

    Inter.= -->internal-interface Action=drop Src=internal-box Dst=FW-internal-IP Rule=stealth rule info.= len40

The FAQ on the TLA site indicates this is related to the passive SYN defender, but there is no workaround suggested. (See http://www.tla.ch/TLA/FW/FW1FAQ.html#log%20file)

My questions are:

1. Why is our internal box aware of the existence of the FW?
2. The HTTP secure server in.ahttpd is listening on a high port and anyone can connect if there is not a stealth rule. Why is this needed? We are not running the secure server as a proxy.
3. Is there a solution/workaround for the SYNDefender message? I am sure our internal box will not DoS the FW.

Ken