Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] RE: unknown established tcp packet

To: <[email protected]>
Subject: RE: [FW1] RE: unknown established tcp packet
From: "Mark Decker" <[email protected]>
Date: Tue, 31 Jul 2001 14:41:06 -0700
Importance: Normal
In-reply-to: <[email protected]>
Sender: [email protected]

This is just a wild guess, but are you running on Nokia IPSO with Flows
enabled?  If so, perhaps your problem could be related to this one:

http://www.securityportal.com/list-archive/fw1/2001/Jun/0391.html

-m

----- Original Message -----
From: Ray Lodato

I ran into exactly the same situation when I upgraded to SP3. Check out
http://www.phoneboy.com/faq/0408.html. As of SP3, the default is to drop
packets for connections not in the connection table. Prior to SP3, it
would try to match up the connection with an existing rule. The FAQ has
you uncomment the line "#define ALLOW_NON_SYN_RULEBASE_MATCH" in
fwui_head.def, and re-push the policy.

Now, if someone could tell me why the connections are falling out of the
connection table so soon, that would help.



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] solaris 8 kernel message in /var/adm/messages
Next by Date: [FW1] VPN-1 questions
Previous by thread: [FW1] solaris 8 kernel message in /var/adm/messages
Next by thread: [FW1] VPN-1 questions
Index(es):
- Date
- Thread