[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Fw: unknown established tcp packet
I had something very similar with an SQL app. I suspect the TCP session timeout in the firewall has been made to work properly in more recent versions (I noticed this change when I went from 4.0 to 4.1SP3). I think the SQL app didn't generate any traffic at all if the user didn't ask for anything, but if the user then came back and made a new request, the app would then send the new data but still use the original TCP ports, sequence numbers etc. I got round this by raising the TCP timeout in the policy properties a bit, to a point where you could say if the user hadn't made any queries in that time then they should have logged out. Andrew Smith Network administrator Wiltshire Constabulary Mailto:[email protected] Tel. 01380-734034 Fax. 01380-734176 Pager. 07693-351781 -----Original Message----- From: Dorny [mailto:[email protected]] Sent: 26 July 2001 01:55 To: [email protected] Subject: [FW1] Fw: unknown established tcp packet Once again another e-mail titled unknown established tcp packet. I have looked through the list but I was not able to find a definitive solution for this error. Here is my problem after applying the latest check point service pack (SP4) I began seeing my logs fill up with dropped packets by rule 0 with the unknown TCP error. Now I have customers telling me that they cannot ssh, run restores, ect through their firewalls which upon further investigation I noticed that all the packets were being dropped by rule 0. I am also seeing lots of in-bound packet to customer web sites being dropped by rule 0 with the same error. None of this was happening when I was at SP 1 or 2. Anyone out there have a solution for this???? --Richard Dornhart ********************************************************************************************** This communication is intended for the person(s) or organisation named. It may be confidential, legally privileged and protected in law. The unauthorised disclosure, copying or use of this information may be unlawful. ********************************************************************************************** ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|