| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW-1] TCP out of state and install policy
If for ***any reason*** VRRP is transitioning, there exists the possibility
that traffic may depart through one firewall and return through another. If
the state tables have not had time to synchronize, then the return packet
will cause the error you are seeing because the "initial" packet was not
seen by the firewall in question.
This is not the only reason which would cause that error, but it is
certainly a possibility.
Once VRRP has reached a stable state ("settled"), this should no longer
happen if VRRP/Monitored Circuit is configured correctly because traffic
should be departing and returning through the same firewall.
Sorry for the lazy language.
Regards
Bill
----- Original Message -----
From: "Raymond N" <[email protected]>
To: <[email protected]>
Sent: Friday, August 30, 2002 12:26 PM
Subject: Re: [FW-1] TCP out of state and install policy
> Yes, I am using VRRP, but what do you mean by VRRP settling?
> Thanks.
>
> At 01:22 PM 8/29/02 -0400, Bill wrote:
> >are you using vrrp? if so, you are probably seeing this as a result of
vrrp
> >settling.
> >
> >
> >----- Original Message -----
> >From: "Raymond N" <[email protected]>
> >To: <[email protected]>
> >Sent: Wednesday, August 28, 2002 7:58 PM
> >Subject: [FW-1] TCP out of state and install policy
> >
> >
> >> Hi there,
> >> My firewall version is NG FP2. I notice that every time I install a
> >policy
> >> to the firewall module, the log will show a drop entry because of "TCP
> >> packet out of state". Is this normal? Is this a problem that I should
do
> >> something to solve it?
> >>
> >> Thanks.
> >>
> >> =================================================
> >> To set vacation, Out Of Office, or away messages,
> >> send an email to [email protected]
> >> in the BODY of the email add:
> >> set fw-1-mailinglist nomail
> >> =================================================
> >> To unsubscribe from this mailing list,
> >> please see the instructions at
> >> http://www.checkpoint.com/services/mailing.html
> >> =================================================
> >> If you have any questions on how to change your
> >> subscription options, email
> >> [email protected]
> >> =================================================
> >
> >=================================================
> >To set vacation, Out Of Office, or away messages,
> >send an email to [email protected]
> >in the BODY of the email add:
> >set fw-1-mailinglist nomail
> >=================================================
> >To unsubscribe from this mailing list,
> >please see the instructions at
> >http://www.checkpoint.com/services/mailing.html
> >=================================================
> >If you have any questions on how to change your
> >subscription options, email
> >[email protected]
> >=================================================
> >
> >
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
|
|
