Re: [FW-1] Very drops with message: Unknown established tcp packe t

To: [email protected]

Subject: Re: [FW-1] Very drops with message: Unknown established tcp packe t

From: "Jarmoc, Jeff" <[email protected]>

Date: Thu, 18 Apr 2002 13:39:33 -0500

Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>

Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Take a look at http://www.phoneboy.com/faq/0408.html

Jeff Jarmoc - CCSA, CCNA, MCSE

Network Analyst - Grubb & Ellis

[email protected]

-----Original Message-----
From: turenne [mailto:[email protected]]
Sent: Wednesday, April 17, 2002 7:48 PM
To: [email protected]
Subject: [FW-1] Very drops with message: Unknown established tcp packet

Hello

I need help, please !!!

I have two boxes Nokia IP330 with VRRP run FW-1 v.41 sp5 + hotfix - ipso 3.4.1.

See MYnetwork topology:

                                              -----------------

                                              |  internet   |

                                              ----------------     (tcp/ip)

                                                      |

                             --------------------------------------------------------

                             |  (master)                                         | (backup)

                      ---------------                                       ---------------

                        router X --------------- HSRP-------------     router Y

                       ---------------                                        ---------------

                              +++++++++                +++++++++

                                            ---!-----------------!-----

                                                   HUB

                                            ------------------------

                                                       !

                                            ------------------------

                                                SWITCH L2

                                             ---!---------------!-----

                               +++++++++               +++++++++

                       ---------!--------                                  --------!---------

                        IP330         -------VRRP ------ -----      IP330

                       ---------|-------                                    -------|----------

                                ++++++++                  ++++++++
                                            ---!-------------------!--

                                                SWITCH L2

                                             ---!------------------!--

                                                        +

                                                        + (tcp/ip)

                                             ------------|---------------

                                                MQ SERIES         (NAT) 10.X.X.X -----> 200.X.X.X

                                                     (IBM)

                                              -------------------------

To begin with I have very drop's connections in rule 0 :   Internet Users ----->   MQSeries   or     MQSeries --------> Internet Users   message: unknown established tcp packet I have no idea. My friend said: The tcp/ip - sync --- ack   ---syn-ack . When the two devices are out of sync (the Application MQ and Client Extern)the session is lose. Is it true? Why firewall drop connection?

Thanks. Best regards.

Tutu