[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] unknown established tcp packet
Not sure but if the problem is the "unknown established tcp packet" then it can be fixed. Check the http://www.phoneboy.com/faq/0408.html Kind Regards Pantelis Cedric wrote: > Hello MikeCC, > > M> I have been trying to get this answer for weeks. I have run into this very > M> problem, packets being dropped that should not be dropped and the log > M> displaying the "unknown established tcp packet" error. > > I ran (and am still running) into the same problem on five > completely different firewalls. > > I'd like to add that "reverting to 4.0 situation" does NOT solve this > problem of "packets dropped that should not be". You just end up with > the answer beeing refused, and logged. (If you enable that in the > policy properties.) > > Client connect to a server behin your firewall, connection is > established (both on the client, the server, and it the state table) > and after "a while" (around 2 minutes) the firewall will drop anything > that the server emits towards the client on that previously > established tcp session. Same happens even with timeout on 3600sec. > > Anyway, I hate writing long E-mails to explain a bug in a software > that'll get unanswered by Checkpoint anyway. > > Does checkpoint find this situation acceptable ? > > I guess this problem will disappear with SP4, much like another > unacceptable bug report I did about Floodgate-1 4.1 SP3 crashing > twice a day on Sun E220R servers. > > -- > Best regards, > Cedric mailto:[email protected] > CCSE, CCSA, and hopefully gonna replace all of this by IPfilter. > > ================================================================================ > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================================================ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|