[FW1] unknown established TCP packet - SP2
Hi,

O/S - Linux 2.2.14
Firewall - V4.1 SP2

We are having the problem of dropped packets after installing SP2. The packets are dropped on rule 0 with the following log:

"unknown established TCP packet"

Phoneboy has a howto for reverting the behaviour of SP2 to allow these dropped packets through OR to disable the logging.

We reluctantly tried to revert the behaviour (uncommented #define ALLOW_NON_SYN_RULEBASE_MATCH). This worked until our next policy change, after which the firewall lost its ability to keep state altogether! We have now reverted and are just disabling the logging of these drops.

I would like to know why these connections are being dropped (they are well within the tcp timeout period). Why is the state-table so sensitive now? Can we fix this? It appears to be affecting the closing packets of a session (i.e. FIN packets).

My objects.C file has as follows:

    tcptimeout 3600
    tcpstarttimeout 60
    tcpendtimeout 50

Any ideas would be greatly appreciated.

Thanks
Ken