[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] RE: unknown established tcp packet
I have encountered the same problem too (in Jan), I have no choice but to uncomment the line as mentiones in the phoneboy faq. Has anyone try to contact Checkpoint on this issue? I have tried over here, but no results. This problem started in SP2, it is supposed to be a "better way" to secure the state table, but yet it gives more problems. It seems to me, SP4 has the same problem, I thought SP4 should have solve this problem. What about duplicate objects? can you please elaborate more on this? I guess lots of ppl are interested in this. regards Thomas -----Original Message----- From: Aylton Souza, CISSP [SMTP:[email protected]] Sent: Friday, July 27, 2001 9:28 PM To: Ray Lodato; 'Dorny'; [email protected] Subject: Re: [FW1] Fw: unknown established tcp packet Guys, I have worked with several cases in which the problem was related to duplicate objects and it caused this behavior, I suggest you take a look on that. Best regards aylton ----- Original Message ----- From: Ray Lodato To: 'Dorny' ; [email protected] Sent: Thursday, July 26, 2001 5:23 PM Subject: RE: [FW1] Fw: unknown established tcp packet I ran into exactly the same situation when I upgraded to SP3. Check out http://www.phoneboy.com/faq/0408.html. As of SP3, the default is to drop packets for connections not in the connection table. Prior to SP3, it would try to match up the connection with an existing rule. The FAQ has you uncomment the line "#define ALLOW_NON_SYN_RULEBASE_MATCH" in fwui_head.def, and re-push the policy. Now, if someone could tell me why the connections are falling out of the connection table so soon, that would help. Ray Lodato NEF Information [email protected] -----Original Message----- From: Dorny [mailto:[email protected]] Sent: Wednesday, July 25, 2001 8:55 PM To: [email protected] Subject: [FW1] Fw: unknown established tcp packet Once again another e-mail titled unknown established tcp packet. I have looked through the list but I was not able to find a definitive solution for this error. Here is my problem after applying the latest check point service pack (SP4) I began seeing my logs fill up with dropped packets by rule 0 with the unknown TCP error. Now I have customers telling me that they cannot ssh, run restores, ect through their firewalls which upon further investigation I noticed that all the packets were being dropped by rule 0. I am also seeing lots of in-bound packet to customer web sites being dropped by rule 0 with the same error. None of this was happening when I was at SP 1 or 2. Anyone out there have a solution for this???? --Richard Dornhart ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|