
[FW-1] FW-1 and BorderManager 3.5



I am running Firewall-1 4.1 sp4 and Border Manager 3.5.  Only recently,
I have been experiencing a troublesome situation with regard to a flood
of ACK packets going through our internet segment and reducing
response time due to collisions.

The situation seems to be this: the BorderManager, on behalf of a user, is
flooding the firewall and HTTP sites with multiple ACK packets that have the
same sequence and acknowledgement numbers.  In return, the HTTP sites flood
us back with multiple ACK packets.  Again, the incoming ACK packet flood
has identical sequence and acknowledgement numbers.  Since these are valid
packets, each one goes through the firewall.  I'm not sure if the firewall
is analyzing each packet that is going through, but this is causing an
extreme slowdown in the response of the firewall, thus resulting in some
packets from other sources getting dropped.

Does anybody have any thoughts on how I can get around this?  Is there any
way I can filter out these identical packets and drop them if they
have identical sequence and acknowledgement numbers?  This way, all these
packets will not have to go through the firewall.  If we are sending the
ACK packet to the destination address, why is the destination address
coming back to us with an ACK packet as well?  Is this normal?

Thank you in advance for any assistance.  Let me know if you need more
information.

Regards,
Jonathan
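
To measure the pattern described in the post from a capture, this added example (not part of the original message) counts empty ACK-only segments that repeat the same sequence and acknowledgement numbers in one connection direction. The CSV record layout, the sample addresses and the `find_ack_floods` name are assumptions constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample records (not from the original post). Hypothetical
# CSV layout: time,src,sport,dst,dport,flags,seq,ack,payload_len
SAMPLE = (
    "0.1,10.0.0.5,1025,192.0.2.10,80,A,1001,5001,0\n" * 6     # proxy -> site
    + "0.2,192.0.2.10,80,10.0.0.5,1025,A,5001,1001,0\n" * 6   # site -> proxy
    + "0.3,10.0.0.7,1030,192.0.2.20,80,A,2001,7001,0\n" * 2   # ordinary dup ACKs
    + "0.4,10.0.0.7,1030,192.0.2.20,80,PA,2001,7001,512\n"    # data segment
    + "0.5,truncated\n"                                       # malformed record
)


def find_ack_floods(text, threshold=5):
    """Return {(src, sport, dst, dport, seq, ack): count} for empty ACK-only
    segments seen at least `threshold` times with identical seq and ack."""
    counts = Counter()
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 9:
            continue  # skip malformed or truncated records
        _, src, sport, dst, dport, flags, seq, ack, length = row
        try:
            key = (src, int(sport), dst, int(dport), int(seq), int(ack))
            payload = int(length)
        except ValueError:
            continue  # non-numeric field, treat as malformed
        # Only zero-length segments with ACK as the sole flag are counted;
        # data segments and SYN/FIN/RST are a different case.
        if flags == "A" and payload == 0:
            counts[key] += 1
    return {k: n for k, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for key, n in sorted(find_ack_floods(SAMPLE).items()):
        src, sport, dst, dport, seq, ack = key
        print(f"{src}:{sport} -> {dst}:{dport} seq={seq} ack={ack} repeated {n}x")
```

A few duplicate ACKs are normal TCP behaviour during packet loss (three of them trigger fast retransmit), so the threshold should sit above that.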




 
   All contents © 2004 Network Presence, LLC. All rights reserved.