[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] "th_flags 2 message_info SYN for established connection" Message
If this type of trafic is legitimate, you can try this. Modify the user.def file on the management station and enter the follwing line: deffunc user_accept_non_syn() { (src=x.x.x.x, dst=y.y.y.y) }; or if it's always the same port deffunc user_accept_non_syn() { dport = xx }; or you can try this if on a Nokia platform modzap fw_reuse_established_conn $FWDIR/boot/modules/fwmod.o <port> modzap fw_accept_syn_rst $FWDIR/boot/modules/fwmod.o <port> Good luck --- Haris Klitiropoulos <[email protected]> wrote: > Hello, > > it is not a matter of speed or lack of it, so > increasing the timeout > won't fix it. According to the message you get on > your log, you have an > already established connection (the 3-way handshake > for that session has > been completed). Your firewall intercepts a packet > of that session that > has SYN flag enabled and drops it. Packets with the > SYN flag enabled are > used only during the initialisation of the TCP > session and never during > an already established session. You should check why > these packets > appear in the first place. It shouldn't be the > firewall's fault. > > Cihan Subasi (Garanti Teknoloji) wrote: > > >Hi, > > > >I am getting the message in the subject field ( > th_flags 2 message_info SYN for established > connection) for some our clients, after doing a > quick research I found out that those are mostly > GPRS customers (and I guess they are slower than > usual), as a solution to that, would it be enough > to play with "tcpendtimeout" using dbedit or there > are other things that I need to do? Thanks > > > >*********************************************************** > >Cihan SUBASI > >Garanti Technology > >Internet ve Yazilim Hizmetleri > >Tel:(90)GSM:(90)(533)(2750353) > >Fax:(90)> >http://www.garantitechnology.com > <http://www.garantitechnology.com/> > >mailto:[email protected] > >*********************************************************** > > > > > > > >This message and attachments are confidential and > intended solely for the individual(s) stated in this > >message.If you received this message although you > are not the addressee you are responsible to keep > >confidential the message.The sender has no > responsibility for the accuracy or correctness of > the > >information in the message and its attachments.Our > company shall have no liability for any changes > >or late receiving,loss of integrity and > confidentiality,viruses and any damages caused in > >anyway to your computer system. > > > >Bu mesaj ve ekleri mesajda gonderildigi belirtilen > kisi/kisilere ozeldir ve gizlidir.Bu mesajin > muhatabi > >olmamaniza ragmen tarafiniza ulasmis olmasi halinde > mesaj iceriginin gizliligi ve bu gizlilik > yukumlulugune > >uyulmasi zorunlulugu tarafiniz icin de soz > konusudur.Mesaj ve eklerinde yer alan bilgilerin > dogrulugu ve > >guncelligi konusunda gonderenin ya da sirketimizin > herhangi bir sorumlulugu bulunmamaktadir.Sirketimiz > >mesajin ve bilgilerinin size degisiklige ugrayarak > veya gec ulasmasindan, butunlugunun ve gizliliginin > >korunamamasindan, virus icermesinden ve bilgisayar > sisteminize verebilecegi herhangi bir zarardan > >sorumlu tutulamaz. > > > >================================================= > >To set vacation, Out-Of-Office, or away messages, > >send an email to [email protected] > >in the BODY of the email add: > >set fw-1-mailinglist nomail > >================================================= > >To unsubscribe from this mailing list, > >please see the instructions at > >http://www.checkpoint.com/services/mailing.html > >================================================= > >If you have any questions on how to change your > >subscription options, email > >[email protected] > >================================================= > > > > > > > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|