[FW1] Connection table and asymmetric routing
Hello all,

We have 2 Internet connections.

- one which is to the Internet (provided by our division which also happens to run Firewall-1 4.1SP3)
- one which is to Internet2 (provided by an ISP)

Due to many routing problems between network providers on Internet/Internet2, we see a lot of asymmetric routing. For example the SYN packet comes in via Internet2 and SYN-ACK goes out via the Internet (and the division firewall) which never saw the SYN packet. So it terminates the connection.

Is there a way to instruct the division firewall to selectively bypass the connection table lookup based on the src/dst IP address? (I know you can define ALLOW_NON_SYN_RULEBASE_MATCH to skip the table completely, but this is not an option for the other sections in the division.) We would need to selectively skip the connection table.

Thanks in advance,
Jim Lang
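The failure described in the message above, as an added example that is not part of the original post and is not FireWall-1 code or configuration: a small model of a connection table that sees only the SYN-ACK half of a handshake. The class, the `stateless_pairs` exemption list and the addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress

SYN, ACK = 0x02, 0x10
CLIENT, SERVER = "198.51.100.7", "192.0.2.10"   # constructed sample hosts

class StatefulFirewall:
    """Toy connection-table model (hypothetical, not a vendor API)."""

    def __init__(self, stateless_pairs=()):
        self.table = set()
        # Hypothetical per-network exemption from the state lookup.
        self.stateless = [(ipaddress.ip_network(a), ipaddress.ip_network(b))
                          for a, b in stateless_pairs]

    def _exempt(self, src, dst):
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        return any((s in a and d in b) or (s in b and d in a)
                   for a, b in self.stateless)

    def inspect(self, src, sport, dst, dport, flags):
        # Direction-independent key: both halves of a flow map to one entry.
        key = frozenset([(src, sport), (dst, dport)])
        if flags & SYN and not flags & ACK:
            self.table.add(key)          # a bare SYN opens a table entry
            return "accept: new connection"
        if key in self.table:
            return "accept: established"
        if self._exempt(src, dst):
            # No state is checked here: any non-SYN packet between the
            # exempted networks passes, so the pair list must stay narrow.
            return "accept: stateless exemption"
        return "drop: no matching connection"

def symmetric_handshake(fw):
    # Both directions cross the same firewall.
    fw.inspect(CLIENT, 40000, SERVER, 80, SYN)
    return fw.inspect(SERVER, 80, CLIENT, 40000, SYN | ACK)

def asymmetric_handshake(fw, peer=CLIENT):
    # The SYN arrived over the other link, so this firewall never saw it;
    # only the server's SYN-ACK is inspected.
    return fw.inspect(SERVER, 80, peer, 40000, SYN | ACK)

if __name__ == "__main__":
    print(symmetric_handshake(StatefulFirewall()))
    print(asymmetric_handshake(StatefulFirewall()))
    scoped = StatefulFirewall([("192.0.2.0/24", "198.51.100.0/24")])
    print(asymmetric_handshake(scoped))
    print(asymmetric_handshake(scoped, peer="203.0.113.5"))
```
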