[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Firewall logs
> 1. Has anyone come across this web site trying to connect > to internal > machines?. If so any explanations? No, I haven't seen this type of behaviour, don't know what it is. > 2. Why does the fw drop the connection with "unknown established TCP > packet" ?. Because it is just that. The packet comes in claiming to be part of a TCP connection. The connection it refers to is probably the original connection, which is dead and gone, long time ago. The remote webserver is not trying establish a connection, it is trying to continue sending via the old connection. > Then why does it allow to establish a initial connection since this connection > should never have been made as it is not allowed to access the proxy server ? You answered this yourself: One of your internal clients has visited the website. That's your TCP connection, which was perfectly valid, since your users have access to your proxy server. You user has closed the connection, but for some reason, the website still think it's going. I see plenty of incoming packets from websites here too, after users have disconnected, but they don't keep on coming forever, though. Cheers, Anders :) ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|