Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Fw: unknown established tcp packet

To: "Greene, Todd" <[email protected]>, "'Smith, Andrew'" <[email protected]>, "'Dorny'" <[email protected]>
Subject: Re: [FW1] Fw: unknown established tcp packet
From: "Aylton Souza, CISSP" <[email protected]>
Date: Wed, 15 Aug 2001 18:07:15 -0300
Cc: "'[email protected]'" <[email protected]>
References: <2465C232C529D21193CB0008C724C2DE0567D3F1@dcr-xchg-b.carolinas.org>
Sender: [email protected]

Title: RE: [FW1] Fw: unknown established tcp packet

Hi friends,

I have talked about unknown established packets with several people, and maybe I have one more suggestion to help:

Check if you don't have duplicate objects / services. If so, it may be part of the problem

\Best regards

aylton

----- Original Message -----

From: Greene, Todd

To: 'Smith, Andrew' ; 'Dorny'

Cc: '[email protected]'

Sent: Tuesday, August 07, 2001 10:27 AM

Subject: RE: [FW1] Fw: unknown established tcp packet

Many problems here since SP4.

HTTP
FTP
SSH
Telnet
SMTP

You name it, we are having issues with it.

It seems as though there is some sort of delay between the time we connect to a device and when the response is actually received. A latency through the firewall of some sort.

When Telnetting to Port 25 of a external mail server, I get ~ 90sec delay. Mail can't be delivered if it cannot connect. I've proven it is a FW1 issue by eliminating everything else in our system. BTW, a fw monitor showed only half of the data that should have been there. It is suppose to capture date from 4 places (Inbound -before/after rulebase and Outbound -before/after rulebase), but it only had data from 2.

CP's bench support has no answers for me as of yet and may push this to Israel. I asked them to look at this Listserv to see all of us that are complaining of SP4 issues.

If I get an answer from them, I'll pass it along. We may have to revert back to SP3, things are not looking good!

Todd

-----Original Message-----
From: Smith, Andrew [mailto:[email protected]]
Sent: Friday, July 27, 2001 10:26 AM
To: 'Dorny'
Cc: '[email protected]'
Subject: RE: [FW1] Fw: unknown established tcp packet
Importance: Low

I had something very similar with an SQL app. I suspect the TCP session
timeout in the firewall has been made to work properly in more recent
versions (I noticed this change when I went from 4.0 to 4.1SP3). I think the
SQL app didn't generate any traffic at all if the user didn't ask for
anything, but if the user then came back and made a new request, the app
would then send the new data but still use the original TCP ports, sequence
numbers etc.

I got round this by raising the TCP timeout in the policy properties a bit,
to a point where you could say if the user hadn't made any queries in that
time then they should have logged out.

Andrew Smith
Network administrator
Wiltshire Constabulary
Mailto:[email protected]
Tel. 01380-734034
Fax. 01380-734176
Pager. 07693-351781

-----Original Message-----
From: Dorny [mailto:[email protected]]
Sent: 26 July 2001 01:55
To: [email protected]
Subject: [FW1] Fw: unknown established tcp packet

Once again another e-mail titled unknown established tcp packet. I have
looked through the list but I was not able to find a definitive solution for
this error. Here is my problem after applying the latest check point
service pack (SP4) I began seeing my logs fill up with dropped packets by
rule 0 with the unknown TCP error. Now I have customers telling me that
they cannot ssh, run restores, ect through their firewalls which upon
further investigation I noticed that all the packets were being dropped by
rule 0. I am also seeing lots of in-bound packet to customer web sites
being dropped by rule 0 with the same error. None of this was happening
when I was at SP 1 or 2. Anyone out there have a solution for this????

--Richard Dornhart

**********************************************************************************************
This communication is intended for the person(s) or organisation named.
It may be confidential, legally privileged and protected in law.
The unauthorised disclosure, copying or use of this information may be unlawful.
**********************************************************************************************

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
*********************************************************************** This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete the material from any computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information it contains. Thank you.

References:
- RE: [FW1] Fw: unknown established tcp packet
  - From: "Greene, Todd" <[email protected]>

Prev by Date: Re: [FW1] Routing in NT with 3 nic's
Next by Date: [FW1] W2K upgrade?
Previous by thread: RE: [FW1] Fw: unknown established tcp packet
Next by thread: RE: [FW1] Fw: unknown established tcp packet
Index(es):
- Date
- Thread