Re: [FW1] [FW-1] - Log Problems





Joe:

     Try taking a look at phoneboy's explanation of this at the following URL:

     http://www.phoneboy.com/fw1/faq/0408.html

     This should explain things a bit. The issue here, as phoneboy's article
points out, is that CheckPoint significantly changed the way that they handled
TCP session timeouts.

     Under the old way, if a session had its TCP session expire, the entry would
be dropped out of the state table. If CheckPoint sensed additional traffic after
this session timeout, it would first attempt to re-establish the connection (all
invisible to the user).

     Now with the new version of CheckPoint, if the TCP session timer expires, the
firewall will remove the entry out of the state table and drop all additional
packets, and this is when you will see all of those messages in your log files
being dropped under rule 0 with a reason of unknown established TCP connection.

     Hope that this helps.







Joe <[email protected]> on 01/30/2001 05:12:23 AM

  To:      [email protected]
  cc:      (bcc: James E Clukey/Rush/RSH)
  Subject: [FW1] [FW-1] - Log Problems








I noticed that since Service Pack 2, the FW-1 4.1 for Solaris keeps on
filling the Log Viewer with a lot of dropping messages, even if I
don't have any rule logged.

The reason for the dropping is always the same: 'reason: unknown
established TCP packet'.

Can it be related with a dynamic NAT?
Did anyone have the same problem?
Does anyone know why this is happening and how to make it stop?

Thanks a lot

       Joe



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================








 