[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Fw: unknown established tcp packet
> Dorny wrote: > > Once again another e-mail titled unknown established tcp packet. I > have > looked through the list but I was not able to find a definitive > solution for > this error. Here is my problem after applying the latest check point > service pack (SP4) I began seeing my logs fill up with dropped packets > by > rule 0 with the unknown TCP error. Now I have customers telling me > that > they cannot ssh, run restores, ect through their firewalls which upon > further investigation I noticed that all the packets were being > dropped by > rule 0. I am also seeing lots of in-bound packet to customer web > sites > being dropped by rule 0 with the same error. None of this was > happening > when I was at SP 1 or 2. Anyone out there have a solution for > this???? > > --Richard Dornhart > Unfortunately, i have no solution, but i want to say that i meet same problem this week. Last week i have installed SP4 version of FW1 (Version 4.1 Build 41862) . It worked fine during one week untill i added in $FWDIR/lib/init.def #define FTP_CONTROL_TIMEOUT 30 I tried this because of FTP exchange through the FW1 and an ISDN link behind, which fails before ISDN link is mounted. Connected to fw. 220 aftpd:Check Point FireWall-1 Secure FTP server running on fw1 331 aftpd: FireWall-1 password: you can use password@FW-1-password 413-aftpd:User datalink authenticated by FireWall-1 authentication 413 aftpd:Connection to ..xxx.xxx failed Login failed. 421 Service not available, remote server has closed connection Not connected. When ISDN link is up, some seconds later, i am able to connect to the site with FTP. As the modification of $FWDIR/lib/init.def did not fix this ISDN problem, i restaured the original file, and since this time i am unable to connect to an FTP server on DMZ, getting the "rule 0 reason: unknown established TCP packet" message. Any suggestion will be welcome. -- Bernard RAOUL. ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|