[FW1] unknown established TCP packet - SP2



Hi,

O/S - Linux 2.2.14
Firewall - V4.1 SP2

We are having the problem of dropped packets after installing SP2.  The
packets are dropped on rule 0 with the following log: "unknown
established TCP packet"

Phoneboy has a howto for reverting the behaviour of SP2 to allow these
dropped packets through OR to disable the logging.

We reluctantly tried to revert the behaviour (uncommented #define
ALLOW_NON_SYN_RULEBASE_MATCH).  This worked until our next policy
change, after which the firewall lost its ability to keep state
altogether!

We have now reverted and are just disabling the logging of these drops.

I would like to know why these connections are being dropped (they are
well within the tcp timeout period).  Why is the state-table so
sensitive now?  Can we fix this?

It appears to be affecting the closing packets of a session (i.e. FIN
packets).

My objects.C file has the following:

tcptimeout	3600
tcpstarttimeout	60
tcpendtimeout	50



Any ideas would be greatly appreciated

Thanks

Ken





 
   All contents © 2004 Network Presence, LLC. All rights reserved.