I ran into exactly the same situation when I upgraded to SP3. Check out http://www.phoneboy.com/faq/0408.html.
As of SP3, the default is to drop packets for connections not in the connection
table. Prior to SP3, it would try to match up the connection with an existing
rule. The FAQ has you uncomment the line "#define ALLOW_NON_SYN_RULEBASE_MATCH"
in fwui_head.def, and re-push the policy.
Now, if someone could tell me why the connections are falling out of the connection
table so soon, that would help.
Ray Lodato NEF
Information Services
[email protected]
Once again, another e-mail titled "unknown established tcp packet". I
have looked through the list but I was not able to find a definitive
solution for this error. Here is my problem: after applying the latest
Check Point service pack (SP4), I began seeing my logs fill up with dropped
packets by rule 0 with the unknown TCP error. Now I have customers
telling me that they cannot ssh, run restores, etc. through their firewalls,
which upon further investigation I noticed that all the packets were being
dropped by rule 0. I am also seeing lots of inbound packets to
customer web sites being dropped by rule 0 with the same error. None
of this was happening when I was at SP 1 or 2. Anyone out there have
a solution for this????
--Richard Dornhart