NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Rule 0



You also get Rule 0 kicking in if a packet wants to go a certain route that is
not defined inside the operating system.
 

Matthias Leu wrote:

Hi,
even if you don't install Anti-Spoofing you may get drops by rule 0.
This may be the case if you have checked logging for IP packets with entries in the
Options field in the header or - esp. 4.1 SP2 - if there are packets with ACK set
that the FW doesn't "know" in it's State Tables (reason: Unknown established TCP
packet).
Take a look in the Log Viewer's Info field on the very right side. In most of the
cases you get further information here.
Hope it helps
Best regards
Matthias

Estela Ruiz wrote:

> Hi,
>
> I haven't got implemented the Anti-Spoofing in my Firewall-1 v4.1, and I can
> see dropped packets by rule 0.
> How is it possible?
>
> Thanks in advance,
> Estela.
> _________________________________________________________________________
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>               http://www.checkpoint.com/services/mailing.html
> ================================================================================

-- 
Barry W. Kokotailo
Senior Unix Systems AdministratorPGP =  71 71 96 A3 C0 C2 23 7A  23 4E D4 04 8C E0 42 6B  B0 2D D1 A5
 


 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.