----- Original Message -----
Sent: Tuesday, August 07, 2001 10:27
AM
Subject: RE: [FW1] Fw: unknown
established tcp packet
Many problems here since SP4.
HTTP
FTP
SSH
Telnet
SMTP
You name it, we are having issues with it.
It seems as though there is some sort of delay between the
time we connect to a device and when the response is actually received.
A latency through the firewall of some sort.
When Telnetting to Port 25 of a external mail server, I get ~
90sec delay. Mail can't be delivered if it cannot connect. I've
proven it is a FW1 issue by eliminating everything else in our system.
BTW, a fw monitor showed only half of the data that should have been
there. It is suppose to capture date from 4 places (Inbound
-before/after rulebase and Outbound -before/after rulebase), but it only had
data from 2.
CP's bench support has no answers for me as of yet and may
push this to Israel. I asked them to look at this Listserv to see all of
us that are complaining of SP4 issues.
If I get an answer from them, I'll pass it along. We may
have to revert back to SP3, things are not looking good!
Todd
-----Original Message-----
From:
Smith, Andrew [mailto:[email protected]]
Sent: Friday, July 27, 2001 10:26 AM
To: 'Dorny'
Cc:
'[email protected]'
Subject:
RE: [FW1] Fw: unknown established tcp packet
Importance: Low
I had something very similar with an SQL app. I suspect the
TCP session
timeout in the firewall has been made to
work properly in more recent
versions (I noticed this
change when I went from 4.0 to 4.1SP3). I think the
SQL app didn't generate any traffic at all if the user didn't ask
for
anything, but if the user then came back and made
a new request, the app
would then send the new data
but still use the original TCP ports, sequence
numbers
etc.
I got round this
by raising the TCP timeout in the policy properties a bit,
to a point where you could say if the user hadn't made any queries in
that
time then they should have logged out.
Andrew Smith
Network administrator
Wiltshire Constabulary
Mailto:[email protected]
Tel. 01380-734034
Fax.
01380-734176
Pager. 07693-351781
-----Original Message-----
From: Dorny
[mailto:[email protected]]
Sent: 26 July 2001 01:55
To:
[email protected]
Subject:
[FW1] Fw: unknown established tcp packet
Once again another e-mail titled unknown established tcp
packet. I have
looked through the list but I was
not able to find a definitive solution for
this
error. Here is my problem after applying the latest check point
service pack (SP4) I began seeing my logs fill up with
dropped packets by
rule 0 with the unknown TCP
error. Now I have customers telling me that
they
cannot ssh, run restores, ect through their firewalls which upon
further investigation I noticed that all the packets were
being dropped by
rule 0. I am also seeing lots
of in-bound packet to customer web sites
being dropped
by rule 0 with the same error. None of this was happening
when I was at SP 1 or 2. Anyone out there have a
solution for this????
--Richard Dornhart
**********************************************************************************************
This communication is intended for the person(s) or
organisation named.
It may be confidential, legally
privileged and protected in law.
The unauthorised
disclosure, copying or use of this information may be unlawful.
**********************************************************************************************
================================================================================
To unsubscribe from this mailing
list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
***********************************************************************
This
electronic message may contain information that is confidential and/or legally
privileged. It is intended only for the use of the individual(s) and entity
named as recipients in the message. If you are not an intended recipient of
this message, please notify the sender immediately and delete the material
from any computer. Do not deliver, distribute or copy this message, and do not
disclose its contents or take any action in reliance on the information it
contains. Thank you.