[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] TCP sequence validator bug in FP2
Hopefully by passing this along I can save some other people a lot of time. After about a month of Checkpoint insisting their TCP sequence validator could not possibly be doing anything wrong, they finally admitted that there is a bug in FP2. Specifically, "There was a bug in FP2 that caused sequence verifier to drop such RST replies [this pertained to a SYN, RST+ACK exchange] whenever SYN's sequence was bigger than 2,147,483,648. The CR number is CR00068810 (fixed for FP3). There is no current hotfix for this issue in NG FP2." After another follow-up they added, "It is recommended that you turn off the sequence verifier until you upgrade to NG FP3." Bugs happen and that doesn't bother me, but it escalated through several levels before they found somebody who knew about it and confirmed it. Corey Hull AMS 4050 Legato Road Fairfax, VA 22033 [email protected] ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|