
Re: [FW-1] unknown established packets



Is it common to have to change the timeout value from the default?  I see it happen pretty frequently, and it's not a routing problem.  Do you know of a best value?


 -----Original Message-----
From:   Sean Swart [mailto:[email protected]]
Sent:   Friday, October 18, 2002 8:39 AM
To:     [email protected]
Subject:             Re: [FW-1] unknown established packets

This is erasing the traces of a problem, NOT solving it. The errors are
there for a reason?

Solution

fix that routing.

This is indicative of poor or bad routing. Unknown established packets
are because of two primary reasons (others exist).

1    timeout values are low/the state table for the firewall is
depleting quickly (not the most common issue)

2    packets leave one interface and return via another (the most common
cause and is routing related)

I suggest you look carefully at those logs and you will find a packet
leaves one interface and returns via another.

Also look at things like the Natting. Are you Hiding your network behind
an interface with a public IP or do you have a public IP on your
internal interface on which you are Natting? If this is the case look at
your install on section for rules, some would indicate check packet in
each direction others only INBOUND or OUTBOUND etc.


Sean

Girish Dixit wrote:

> hi,
>
> this can be resolved by editing the file $FWDIR/lib/fwui_head.def
>
> there is a line in this file:
>
> # define_allow_non_sync_rulebase_match #
>
> you will have to uncomment this line to take care of this issue.
>
> Regards,
> -Girish
>
> -----Original Message-----
> From: Jochen Vogel [mailto:[email protected]]
> Sent: Thursday, October 17, 2002 12:14 PM
> To: [email protected]
> Subject: [FW-1] unknown established packets
>
> hi,
>
> I have a 4.1 and problems with broken pipes in sql connections.
> if I watch the logs I can see a lot of unknown established packets
> for sql and http connections.
> is the firewall or the session the problem?
> what can i do?
>
> thx for help
> Jochen
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
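Added example, not part of the original thread: one way to tell apart the two causes Sean lists (state expiring after an idle gap versus replies returning on a different interface) from connection records. The record layout, interface names, addresses and the 3600-second timeout are assumptions constructed for illustration; this is not FireWall-1's log format.

```python
# Assumed idle timeout in seconds; use the value configured on your gateway.
IDLE_TIMEOUT = 3600

# Constructed records: time(s), in-interface, out-interface, src, sport, dst, dport
SAMPLE = """\
0,eth0,eth1,10.1.1.5,40001,192.0.2.10,1433
1,eth1,eth0,192.0.2.10,1433,10.1.1.5,40001
10,eth0,eth1,10.1.1.6,40002,192.0.2.10,80
11,eth2,eth0,192.0.2.10,80,10.1.1.6,40002
20,eth0,eth1,10.1.1.7,40003,192.0.2.10,1433
4000,eth0,eth1,10.1.1.7,40003,192.0.2.10,1433
"""

def parse(text):
    """Yield (time, in_iface, out_iface, (src, sport), (dst, dport)) per record."""
    for line in text.strip().splitlines():
        ts, i_in, i_out, src, sport, dst, dport = line.split(",")
        yield int(ts), i_in, i_out, (src, int(sport)), (dst, int(dport))

def classify(text, idle_timeout=IDLE_TIMEOUT):
    """Return {flow: set of causes} for flows likely to log 'unknown established'."""
    flows = {}     # direction-independent flow key -> state from first packet seen
    findings = {}
    for ts, i_in, i_out, a, b in parse(text):
        key = tuple(sorted((a, b)))
        st = flows.get(key)
        if st is None:
            flows[key] = {"initiator": a, "in": i_in, "out": i_out, "last": ts}
            continue
        causes = findings.setdefault(key, set())
        # Cause 1: the state entry would have expired before this packet arrived.
        if ts - st["last"] > idle_timeout:
            causes.add("idle-timeout")
        # Cause 2: replies should enter on the interface the first packet left
        # through; later forward packets should enter where the first one did.
        expected_in = st["in"] if a == st["initiator"] else st["out"]
        if i_in != expected_in:
            causes.add("asymmetric-path")
        st["last"] = ts
    return {k: v for k, v in findings.items() if v}

if __name__ == "__main__":
    for flow, causes in classify(SAMPLE).items():
        print(flow, sorted(causes))
```

Flows flagged only as `idle-timeout` are the ones where raising the timeout is the relevant change; flows flagged `asymmetric-path` point at routing or NAT, as Sean describes.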