[FW1] SYNDefender messages
Hi,

Env: FW1 with SYN Gateway enabled, timeout 10 secs.

In my FW-1 log the following 'reject' messages appear from time to time:

1) SYNDefender warning: SYN->SYN/ACK->Timeout
2) SYNDefender warning: SYN->SYN/ACK->RST

Both have been seen with the client outside the firewall and the server inside. Nr 2 has also been seen with a client inside the firewall and the server outside.

After having done some investigation I have come to the conclusions:

- that number 1 is logged when no ACK message from the client has been seen at the firewall after 10 seconds. The reject message is timestamped 10 secs later than the matching 'accept', which is in accordance with my timeout value.
- that number 2 is logged when the client sends a RST message to the server. The reject message is also timestamped 10 secs later than the matching 'accept' in this case. The clients are not likely to wait 10 secs and they don't know my timeout value.

Are my conclusions correct? Why is number 2 always timestamped 10 secs after the 'accept'?

TIA

Best regards
Jan Straegaard
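An added example, not part of the original message and not Check Point code: one way to test the two conclusions above against a log is to pair each SYNDefender reject with its matching accept and compare the delay to the configured timeout. The record layout and every sample entry are constructed for illustration (including one RST reject that does not match the timeout, to show how a counterexample would surface); this is not FW-1's actual log export format.

```python
from datetime import datetime

SYN_TIMEOUT = 10  # seconds; the SYN Gateway timeout quoted in the post

# Constructed sample records in a simplified, hypothetical layout:
#   time;action;src;dst;service;sport;info
# Same-day, time-only stamps are assumed.
SAMPLE_LOG = """\
10:15:02;accept;198.51.100.7;192.0.2.10;smtp;31044;
10:15:12;reject;198.51.100.7;192.0.2.10;smtp;31044;SYNDefender warning: SYN->SYN/ACK->Timeout
10:20:40;accept;192.0.2.55;203.0.113.9;http;1077;
10:20:50;reject;192.0.2.55;203.0.113.9;http;1077;SYNDefender warning: SYN->SYN/ACK->RST
10:31:05;accept;198.51.100.8;192.0.2.10;http;4402;
10:31:08;reject;198.51.100.8;192.0.2.10;http;4402;SYNDefender warning: SYN->SYN/ACK->RST
10:40:00;reject;198.51.100.9;192.0.2.10;http;5000;SYNDefender warning: SYN->SYN/ACK->Timeout
"""

def correlate(log_text, timeout=SYN_TIMEOUT):
    """Pair each SYNDefender reject with the last accept for the same
    connection; return (kind, src, dst, delay_seconds, equals_timeout)."""
    accepts, results = {}, []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, action, src, dst, svc, sport, info = line.split(";", 6)
        when = datetime.strptime(ts, "%H:%M:%S")
        key = (src, dst, svc, sport)
        if action == "accept":
            accepts[key] = when
        elif action == "reject" and "SYNDefender warning:" in info:
            kind = info.rsplit("->", 1)[-1]      # "Timeout" or "RST"
            start = accepts.pop(key, None)
            if start is None:                    # accept is outside this log window
                results.append((kind, src, dst, None, False))
                continue
            delay = int((when - start).total_seconds())
            results.append((kind, src, dst, delay, delay == timeout))
    return results

if __name__ == "__main__":
    for kind, src, dst, delay, hit in correlate(SAMPLE_LOG):
        note = "no matching accept" if delay is None else f"{delay}s after accept"
        flag = "== timeout" if hit else "!= timeout"
        print(f"{kind:8} {src} -> {dst}: {note} ({flag})")
```

Rejects whose delay differs from the timeout, or that have no matching accept, are the entries worth inspecting with a packet capture on both sides of the firewall.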