NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] TCP Sequence validator problem



Thanks Marc

I did disable the TCP Sequence validator and it is quiet now. There seem to
be a lot of thing on by default in Smart Defence and it provides little
information in the log viewer as to what is dropping the packets.

Thanks for feedback.
----- Original Message -----
From: "Marc Elsen" <[email protected]>
To: <[email protected]>
Sent: Thursday, February 06, 2003 2:37 PM
Subject: Re: [FW-1] TCP Sequence validator problem


> > Dave Whitehouse wrote:
> >
> > I am getting a lot of errors reported in the log as follows:
> >
> > "TCP sequence validator: dropped packet with data out of window;"
> >
> > The firewall is Solaris 8 and NG FP2.
> >
> > I have disabled the logging TCP sequence out of state errors in the
> > global properties.
> >
> > Has anyone else seen this and has any one got any ideas how to get rid
> > of it ?
>
>   Probably by disabling the sequence verifier for TCP in SmartDefense
>  settings (I am on FP3). Or in FW. properties whatever the FP2
>  term would be (God bless).
>
>  I have been experimenting a  little bit the with the sequence
>  verifier in FP3.
>  I noticed the same thing as you , when initially using it
>  with default options for packets originating from my web cache
>  box (squid) going to remote webservers on the internet.
>
>  Since, this box has been working flawless for years. I decided
>  that Mr. 'Sequence verifier' may not always behave correct.
>
>  I then changed the 'Track on' value from 'anomalous' to suspicous , and
>  it didn't complain anymore in the logviewer.
>
>  Not that disabling logging of actions of this facility may in
>  case of wrong behavior to you not noticing thet fw-1 is dropping
>  packets which should not be dropped.
>
>  M.
> >
> > We have a packet shaping device on one side of the firewall and
> > wondered if this could be causing the problem as alters the windowing
> > of packets.
> >
> > Any thoughts would be appreciated.
> >
> > Regards
> >
> > Dave Whitehouse
>
> --
>
>  'Time is a consequence of Matter thus
>  General Relativity is a direct consequence of QM
>  (M.E. Mar 2002)
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.