[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] unknown established tcp packets...
Yeah, I know that these are because there is no state table entry for the TCP session, and I know how to make these dropped packet messages go into the bit bucket, but that was not really what I was asking.... I was more interested if having a high number of these is normal or a symptom of a problem. -----Original Message----- From: root [mailto:root]On Behalf Of Cristian Nicolae Sent: Saturday, September 30, 2000 5:22 PM To: Carl E. Mankinen Cc: [email protected] Subject: Re: [FW1] unknown established tcp packets... Carl, Have a look at http://www.phoneboy.com/fw1/faq/0408.html on this problem Cristian "Carl E. Mankinen" wrote: > > I have been noticing since I upgraded to 4.1 SP2 that my logs are getting a lot more of these rule 0 drops than I had ever seen > before. > >From what I understand, this happens because the firewall is receiving a TCP packet with the established bit set and it has no > session information in it's state tables to verify that this is a valid conversation. > > Is this something that just happens a lot with TCP conversations and nothing to be concerned about, or is this a symptom of some > problem which I should pay closer attention too? The packets which are causing the rule 0 drop are invariably arriving at the > outside interface. > > I know I can prevent this from being logged, but I would rather make sure that I am not covering up a problem before I do this. My > interfaces on all my routers look really clean, and the settings on the firewall properties for TCP session timeouts is set for 30 > minuten. > > Could this be a problem with my fw dropping it's state table entries? > > ============================================================================ ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|