[FW1] Unknown established tcp packet
Hi,

I read your answer to the FAQ: "I see the following messages over and over in my logs with a drop on rule 0: unknown established TCP packet" and it really seemed to match my problem, so I did what you suggested: "In 4.1, you can revert to the old behaviour by adding the following to $FWDIR/lib/fwui_head.def: #define ALLOW_NON_SYN_RULEBASE_MATCH"

The action didn't fix the problem (I can still see many logged messages under rule 0 with the same reason).

I need to find a fix not because of a problem with possibly out-of-control growth of the log file (in fact, in that case, I would have disabled logging of those packets by commenting out the "#define CLUSTER_RULEBASE_MATCH_LOG" line in the fwui_head.def file), but because of a problem with the TCP sessions themselves. In particular, there is a TCP session going through the FW between two routers (a dlsw session) that must always be active. Every couple of hours the session resets (coinciding with the log message on the FW), causing all the sessions based on the dlsw one to reset.

Note that this behaviour started exactly from the moment I upgraded from FW-1 4.0 SP5 and Nokia ipso 3.2.1 to FW-1 4.1 SP3 and Nokia ipso 3.3 SP3, while with the previous version the TCP session always remained active. The service in the log entry is dlsrpn.

Thanks a lot,

Luca La Monica
RITA Srl, Ufficio Networking