[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FW-1] inspect code for stateless traffic - FAST MODE
- To: [email protected]
- Subject: [FW-1] inspect code for stateless traffic - FAST MODE
- From: Petra Klein <[email protected]>
- Date: Tue, 12 Nov 2002 09:55:52 +0100
- Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
- Sender: Mailing list for discussion of Firewall-1 <[email protected]>
- Thread-Index: AcKKHupM02FcefZTEdaEVQCAX6bDXAAB0LkQ
- Thread-Topic: Mailing List
Hi List,
We have a Firewall-1 4.1 SP-6 and have some problems with a tcp service in
fast mode. We have defined a TCP service and named it TCP-XXX-stateless
and have enabled the fast mode option. The problem is when other services
uses this port as a source port the firewall drops the packets with the info:
reason: port belonging to service in TCP fast Mode, TCP-XXX-stateless.
Why does it use the stateless service, we have another TCP service TCP-XXX
without fast mode. Does the firewall use the service with most options set?
In this cast the fast mode feature.
We only want to use the stateless service as a destination port not to match on a
source port, is there some way to write an user-defined service and use the
fast mode option?
Help is appreciated!
Regards
Petra
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================