[FW1] Unknown established TCP packet
Hello,

I have had problems with this new feature on FW-1 4.1 SP3 (Linux). As far as I have learnt from Lance Spitzner, Phoneboy and this list, it is supposed to drop non-SYN packets that are not an established connection as far as the firewall is concerned (part state table).

This causes some problems. Client/server applications using database platforms like Oracle will have to reconnect, but will not work after reconnection properly because of cursors (pointers).

Is it possible or recommendable to increase the TCP timeout beyond TCP keepalive? And is TCP keepalive among the packets that will reset the timeout timer of the state tables? Unless I do so I will have to disable Checkpoint's new feature.

Also, there seem to be bugs in the implementation of this feature, at least as far as the Linux version is concerned. Just look at this log export:

"11435" "21May2001" "13:36:45" "eth2" "localhost" "log" "accept" "924" "nille.abcde.xy" "ulysses.abcde.xy" "tcp" "3" "930" "" "" "" "" "" "" "" "" "" "firewall" " len 48"

The line says that TCP port 924 source port 930 is accepted. Then less than three minutes later:

"11532" "21May2001" "13:39:01" "eth2" "localhost" "log" "drop" "924" "nille.abcde.xy" "ulysses.abcde.xy" "tcp" "0" "930" "" "" "" "" "" "" "" "" "" "firewall" " reason: unknown established TCP packet"

A packet with the same TCP port and source port is dropped due to the "fact" that it is not part of an established connection. I cannot see what I have done to make this happen. To me it looks like nothing less than a bug.

Gandalf.
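An added example, not part of the original post: a short Python script that pairs each "unknown established TCP packet" drop in a log export with the last accept logged for the same flow and reports the time between them, so the gap can be compared with the configured TCP timeout. The column positions are assumptions inferred from how the post reads its two log lines, and the function names are hypothetical.

```python
import re
from datetime import datetime

# The two log export lines quoted in the post above.
LOG_EXPORT = '''\
"11435" "21May2001" "13:36:45" "eth2" "localhost" "log" "accept" "924" "nille.abcde.xy" "ulysses.abcde.xy" "tcp" "3" "930" "" "" "" "" "" "" "" "" "" "firewall" " len 48"
"11532" "21May2001" "13:39:01" "eth2" "localhost" "log" "drop" "924" "nille.abcde.xy" "ulysses.abcde.xy" "tcp" "0" "930" "" "" "" "" "" "" "" "" "" "firewall" " reason: unknown established TCP packet"
'''

# Assumed column positions, inferred from the post's reading of these lines.
NUM, DATE, TIME, ACTION, SERVICE, SRC, DST, PROTO, S_PORT = 0, 1, 2, 6, 7, 8, 9, 10, 12
DROP_REASON = "unknown established TCP packet"


def parse(line):
    """Split one export line into its quoted fields; None if it is too short."""
    f = re.findall(r'"([^"]*)"', line)
    if len(f) < 14:
        return None
    return {
        "num": f[NUM],
        "when": datetime.strptime(f[DATE] + " " + f[TIME], "%d%b%Y %H:%M:%S"),
        "action": f[ACTION],
        "flow": (f[SRC], f[S_PORT], f[DST], f[SERVICE], f[PROTO]),
        "info": f[-1].strip(),  # last field carries " len 48" or " reason: ..."
    }


def stale_state_drops(text):
    """Return (drop_num, flow, accept_num, gap_seconds) for each matching drop."""
    last_accept, findings = {}, []
    for line in text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        if rec["action"] == "accept":
            last_accept[rec["flow"]] = rec
        elif rec["action"] == "drop" and DROP_REASON in rec["info"]:
            prev = last_accept.get(rec["flow"])  # None if no accept was logged
            gap = (rec["when"] - prev["when"]).total_seconds() if prev else None
            findings.append((rec["num"], rec["flow"], prev["num"] if prev else None, gap))
    return findings


if __name__ == "__main__":
    for drop_num, flow, accept_num, gap in stale_state_drops(LOG_EXPORT):
        print(f"drop #{drop_num} {flow}: last accept #{accept_num}, {gap} s earlier")
```

The gap is measured from the logged accept, not from the last packet seen, so it is an upper bound on how long the flow had been idle when the drop occurred.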