|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] unknown established tcp packet
Usually this happens after the default timeout. The latest versions can't do a recovery of timed out sessions. Add (or uncomment) the following line in $FWDIR/lib/fwui_head.def: #define ALLOW_NON_SYN_RULEBASE_MATCH Doing this will allow TCP Non-SYN packets to go through the rulebase. Elmar van Mourik ZHEW System Mangement [email protected] > -----Original Message----- > From: MikeCC [mailto:[email protected]] > Sent: Wednesday, March 14, 2001 3:01 PM > To: [email protected] > Subject: [FW1] unknown established tcp packet > > > > Hello, > > I am running Nokia firewalls, IPSO 3.3 FW-1 4.1 sp2. > > When I telnet, ssh or http, basically any tcp session to a > server behind > the firewall I see the packet from my workstation go through. > However, I > then see the return packet dropped on rule 0 with the > message, unknown tcp > established packet. > > I temporarily turned off flows to see if I was somehow > running into the > problem of the flows table not having the table correctly > built. But that > did not alleviate the problem. > > Has anyone else seen this kind of behavior or have any suggestions? > > > MikeCC > http://atrek.org/mikecc > > > > ============================================================== > ================== > To unsubscribe from this mailing list, please see the > instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================== > ================== > ------------------------------ Dit e-mailbericht is uitsluitend bestemd voor de geadresseerde(n). Indien de e-mail bij vergissing bij u terecht is gekomen, wilt u ons dan berichten via [email protected]? Wij verzoeken u in dit geval de e-mail te vernietigen, de inhoud ervan niet te gebruiken en niet onder derden te verspreiden, omdat het bericht vertrouwelijke informatie kan bevatten. Aan dit bericht kunnen geen rechten worden ontleend inzake contractuele of wettelijke verplichtingen. Een opdracht of beschikking wordt alleen per post verzonden en ondertekend door daartoe bevoegd(e) perso(o)nen. This e-mail message is intended exclusively for the addressee. If the e-mail was sent to you by mistake, would you please contact us at [email protected]? In that case, we also request you to destroy the e-mail and to neither use the contents or disclose them in any manner to third parties, because the message can contain confidential information. This message can not lead to any contractual or legal obligation. ZHEW only order products and send official decisions on their official (hard copy) documents that are signed by authorised personnel only. Zuiveringsschap Hollandse Eilanden en Waarden, Dordrecht tel: +31 (0)78 6397100 fax: +31 (0)78 6311871 web: http://www.zhew.nl ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
