Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] inspect code

To: [email protected]
Subject: Re: [FW1] inspect code
From: Nico De Ranter <[email protected]>
Date: Thu, 18 Jan 2001 12:39:22 +0100
Sender: [email protected]

After upgrading FW-1 (Solaris) to the latest service pack (SP3 I believe),
I started getting *a lot* of drops with the message:

 reason: unknown established TCP packet

Any idea why? I didn't change the timeouts (still 3600 seconds for TCP).

Note: the packets are almost always directed at our web proxy which is NATed
to an external address together with all other traffic. Can it be that there
is just to much traffic NATed on 1 external ip-address? (we have only 80 users
so traffic shouldn't be too heavy).  Or are there other timeouts that apply
to NAT?

Nico

---------------------------------------------------------
 "It has been said that there are only two businesses that
  refer to customers as users: illegal drug trade and
               the computer industry." 
---------------------------------------------------------
Nico De Ranter
Sony Service Center (SDCE/NEE-B)
Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne)
1130 Brussel (Bruxelles), Belgium, Europe, Earth
Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86
e-mail: [email protected]


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] Ident port 113.
Next by Date: [FW1] TCP timeout
Previous by thread: Re: [FW1] inspect code
Next by thread: Re: [FW1] inspect code
Index(es):
- Date
- Thread