| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW-1] "th_flags 2 message_info SYN for established connection" Message
- To: [email protected]
- Subject: Re: [FW-1] "th_flags 2 message_info SYN for established connection" Message
- From: "Cihan Subasi (Garanti Teknoloji)" <[email protected]>
- Date: Thu, 24 Jul 2003 15:50:38 +0300
- Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
- Sender: Mailing list for discussion of Firewall-1 <[email protected]>
- Thread-index: AcNR3hrq1N6CZs0iTJSTVQXeUijXUgAA3oVQ
- Thread-topic: [FW-1] "th_flags 2 message_info SYN for established connection" Message
According to the Resolution 14805 of Nokia, The firewall receives a new connections with the same port/service as a connection that was recently closed. (and because that is still in session table of the firewall, firewall drops this session), the solution of it (again it is in the resolution) is decrease the tcpendtimeout so that the firewall clears up the session table faster...
-----Original Message-----
From: Haris Klitiropoulos [mailto:[email protected]]
Sent: Thursday, July 24, 2003 2:59 PM
To: [email protected]
Subject: Re: [FW-1] "th_flags 2 message_info SYN for established
connection" Message
Hello,
it is not a matter of speed or lack of it, so increasing the timeout
won't fix it. According to the message you get on your log, you have an
already established connection (the 3-way handshake for that session has
been completed). Your firewall intercepts a packet of that session that
has SYN flag enabled and drops it. Packets with the SYN flag enabled are
used only during the initialisation of the TCP session and never during
an already established session. You should check why these packets
appear in the first place. It shouldn't be the firewall's fault.
Cihan Subasi (Garanti Teknoloji) wrote:
>Hi,
>
>I am getting the message in the subject field ( th_flags 2 message_info SYN for established connection) for some our clients, after doing a quick research I found out that those are mostly GPRS customers (and I guess they are slower than usual), as a solution to that, would it be enough to play with "tcpendtimeout" using dbedit or there are other things that I need to do? Thanks
>
>***********************************************************
>Cihan SUBASI
>Garanti Technology
>Internet ve Yazilim Hizmetleri
>Tel:(90)GSM:(90)(533)(2750353)
>Fax:(90)>http://www.garantitechnology.com <http://www.garantitechnology.com/>
>mailto:[email protected]
>***********************************************************
>
>
>
>This message and attachments are confidential and intended solely for the individual(s) stated in this
>message.If you received this message although you are not the addressee you are responsible to keep
>confidential the message.The sender has no responsibility for the accuracy or correctness of the
>information in the message and its attachments.Our company shall have no liability for any changes
>or late receiving,loss of integrity and confidentiality,viruses and any damages caused in
>anyway to your computer system.
>
>Bu mesaj ve ekleri mesajda gonderildigi belirtilen kisi/kisilere ozeldir ve gizlidir.Bu mesajin muhatabi
>olmamaniza ragmen tarafiniza ulasmis olmasi halinde mesaj iceriginin gizliligi ve bu gizlilik yukumlulugune
>uyulmasi zorunlulugu tarafiniz icin de soz konusudur.Mesaj ve eklerinde yer alan bilgilerin dogrulugu ve
>guncelligi konusunda gonderenin ya da sirketimizin herhangi bir sorumlulugu bulunmamaktadir.Sirketimiz
>mesajin ve bilgilerinin size degisiklige ugrayarak veya gec ulasmasindan, butunlugunun ve gizliliginin
>korunamamasindan, virus icermesinden ve bilgisayar sisteminize verebilecegi herhangi bir zarardan
>sorumlu tutulamaz.
>
>=================================================
>To set vacation, Out-Of-Office, or away messages,
>send an email to [email protected]
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>[email protected]
>=================================================
>
>
>
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
This message and attachments are confidential and intended solely for the individual(s) stated in this
message.If you received this message although you are not the addressee you are responsible to keep
confidential the message.The sender has no responsibility for the accuracy or correctness of the
information in the message and its attachments.Our company shall have no liability for any changes
or late receiving,loss of integrity and confidentiality,viruses and any damages caused in
anyway to your computer system.
Bu mesaj ve ekleri mesajda gonderildigi belirtilen kisi/kisilere ozeldir ve gizlidir.Bu mesajin muhatabi
olmamaniza ragmen tarafiniza ulasmis olmasi halinde mesaj iceriginin gizliligi ve bu gizlilik yukumlulugune
uyulmasi zorunlulugu tarafiniz icin de soz konusudur.Mesaj ve eklerinde yer alan bilgilerin dogrulugu ve
guncelligi konusunda gonderenin ya da sirketimizin herhangi bir sorumlulugu bulunmamaktadir.Sirketimiz
mesajin ve bilgilerinin size degisiklige ugrayarak veya gec ulasmasindan, butunlugunun ve gizliliginin
korunamamasindan, virus icermesinden ve bilgisayar sisteminize verebilecegi herhangi bir zarardan
sorumlu tutulamaz.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
|
|
