NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] Unknown established tcp packet



Hi,
I read your answer to the FAQ:
"I see the following messages over and over in my logs with a drop on
rule 0:
unknown established TCP packet"
and it really seemed to match with my problem, so I did what you
suggested:
"In 4.1, you can revert to the old behaviour by adding the following to
$FWDIR/lib/fwui_head.def:
#define ALLOW_NON_SYN_RULEBASE_MATCH"
The action didn't fix the problem (I still can see many logged messages
under rule 0 with the same reason).
I need to find out a fix not because of a problem with a possibly out of
control growth of the log file (in fact, in this case, I would have
disabled logging of those packets by commenting out the "#define
CLUSTER_RULEBASE_MATCH_LOG" line in the fwui_head.def file), but because
of a problem with the tcp sessions itself.
In particular, there is a tcp session going through the FW between two
routers (dlsw session) that must be always active.
Every a couple of hours the session resets (coincident with the log
message on the FW), causing all the sessions based on the dlsw one to
reset.
Note that this behaviour started exactly from the moment I upgraded from
FW-1 4.0 SP5 and Nokia ipso 3.2.1 to FW-1 4.1 SP3 and Nokia ipso 3.3
SP3, while with the previous version the tcp session has always remained
active.
The service in the log entry is dlsrpn.
Thanks really a lot
begin:vcard 
n:La Monica;Luca
tel;work:+39(0)2-48400862
x-mozilla-html:FALSE
org:RITA Srl;Ufficio Networking
adr:;;;;;;
version:2.1
email;internet:[email protected]
fn:Luca La Monica
end:vcard


 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.