[FW-1] Syn for established connection
Hi everyone!

Just want to know, has anyone encountered a "SYN packet for established connection" error in NG FP2? Actually, I read an article by David Grabowski about what he learned in the FW-1 state table: an established TCP session will by default have a lifetime of 3600 sec., and every packet that traverses will reset the timer. After the session is closed (via FIN or RST packet) it enters a "half-closed" state; the lifetime is 50 sec.

The problem is that the device I'm using uses a statically coded source port for its communication, and there is no way we can reconfigure this. If a new SYN connection is attempted and matches the established connection, it is dropped by FW-1. In FW-1 version 4.1 this SYN packet will be matched against the rulebase. Does anyone know how to revert the behavior of NG to 4.1 in how it handles a SYN connection, or a workaround?
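The timer behaviour described in the message above, as an added Python model that is not part of the original post and is not Check Point code. The policy labels `"ng"` and `"4.1"`, the treatment of a SYN that hits a half-closed entry, and the addresses and ports are assumptions made for illustration.

```python
from dataclasses import dataclass

ESTABLISHED_TIMEOUT = 3600  # seconds, figure quoted in the post
HALF_CLOSED_TIMEOUT = 50    # seconds, figure quoted in the post

@dataclass
class Entry:
    state: str       # "established" or "half-closed"
    expires: float   # absolute time at which the entry ages out

class StateTable:
    """Toy model of the behaviour the post describes; not Check Point code."""

    def __init__(self, syn_policy="ng"):
        # Hypothetical labels: "ng" drops a SYN that matches a live entry,
        # "4.1" sends it back through the rulebase.
        self.syn_policy = syn_policy
        self.entries = {}

    def packet(self, key, flags, now, rule_allows=True):
        entry = self.entries.get(key)
        if entry and entry.expires <= now:      # aged out
            del self.entries[key]
            entry = None
        if "SYN" in flags:
            # Assumption: a half-closed entry blocks a SYN like an established one.
            if entry and self.syn_policy == "ng":
                return "drop: SYN for established connection"
            if not rule_allows:
                return "drop: rulebase"
            # Simplification: the entry is established as soon as the SYN is accepted.
            self.entries[key] = Entry("established", now + ESTABLISHED_TIMEOUT)
            return "accept: new connection"
        if entry is None:
            return "drop: no state"
        if flags & {"FIN", "RST"}:
            entry.state, entry.expires = "half-closed", now + HALF_CLOSED_TIMEOUT
        elif entry.state == "established":
            entry.expires = now + ESTABLISHED_TIMEOUT   # every packet resets the timer
        return "accept: existing connection"

# Constructed flow: a device that always connects from source port 5000.
KEY = ("192.0.2.10", 5000, "198.51.100.20", 8000, "tcp")

def reconnect_after_crash(policy):
    """Device sends data until t=100, power-cycles without FIN/RST, then retries."""
    fw = StateTable(policy)
    fw.packet(KEY, {"SYN"}, now=0)
    fw.packet(KEY, {"ACK"}, now=100)            # idle timer now ends at t=3700
    return [fw.packet(KEY, {"SYN"}, now=t) for t in (160, 3699, 3700)]
```

Under the `"ng"` policy the retries at t=160 and t=3699 are dropped and only the one at t=3700 gets through, because the fixed source port makes every reconnect reuse the same state-table key.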