Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] unknown established tcp packet

To: "'Keith Hearn'" <[email protected]>, Fw-1-Mailinglist <[email protected]>
Subject: RE: [FW1] unknown established tcp packet
From: "Roelandts, Guy" <[email protected]>
Date: Thu, 3 May 2001 11:28:47 +0100
Sender: [email protected]

Check in the archives this has been discussed and answered quite a few
times.

Alos check on Phoneboy FAQ 408 it tell you what causes this and how to solve
it :

FireWall-1 has significantly changed how it deals with established TCP
connections. Whereas FireWall-1 versions prior to 4.1 SP2 used to try and
recover TCP connections for which it did not have a connections table entry,
it now simply drops these packets on the floor on rule 0 with this error
message. Earlier versions would also drop these packets and display this
message (or unknown reason code:12) <0355.html>, but only after an attempt
at recovering the connection failed. In 4.1, you can revert to the old
behaviour by adding the following to $FWDIR/lib/fwui_head.def: 
#define ALLOW_NON_SYN_RULEBASE_MATCH 
You can disable logging of these packets in FireWall-1 4.1 base or 4.1 SP1
by commenting out the following line in $FWDIR/lib/fwui_head.def (place two
forward slashes '//' in front of the line). 
#define CLUSTER_RULEBASE_MATCH_LOG 
In FireWall-1 4.1 SP2 and later, you would comment out the following line in
$FWDIR/lib/fwui_head.def: 
#define NON_SYN_RULEBASE_MATCH_LOG 

Met vriendelijke groeten - Bien à vous - Kind regards

Guy ROELANDTS
EMEA CS Internet Expertise Centre
Compaq Software Engineer - Belgium
E-mail : [email protected]
Tel: +32(02)729.77.44 (options  3 - 3 - 1)
Fax: +32(02)729.77.65

>  -----Original Message-----
> From: 	Keith Hearn [mailto:[email protected]] 
> Sent:	Wednesday, May 02, 2001 12:33 AM
> To:	Fw-1-Mailinglist
> Subject:	[FW1] unknown established tcp packet
> 
> I'm getting a massive amount of traffic being dropped by rule 0 with a
> reason of "unknown established tcp packet"
> 
> Has anyone seen this before?
> 
> I think it has to do with a routing problem.
> 


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] event log
Next by Date: [FW1] logs CVP
Previous by thread: [FW1] unknown established tcp packet
Next by thread: Re: [FW1] unknown established tcp packet
Index(es):
- Date
- Thread