Re: [FW1] [FW-1] - Log Problems
Joe:

Try taking a look at phoneboy's explanation of this at the following URL:

http://www.phoneboy.com/fw1/faq/0408.html

This should explain things a bit. The issue here, as phoneboy's article points out, is that CheckPoint significantly changed the way that they handled TCP session timeouts. Under the old way, if a session had its TCP session expire, the entry would be dropped out of the state table. If CheckPoint sensed additional traffic after this session timeout, it would first attempt to re-establish the connection (all invisible to the user). Now, with the new version of CheckPoint, if the TCP session timer expires, the firewall will remove the entry out of the state table and drop all additional packets, and this is when you will see all of those messages in your log files being dropped under rule 0 with a reason of unknown established TCP connection.

Hope that this helps.

Joe <[email protected]> on 01/30/2001 05:12:23 AM

To: [email protected]
cc: (bcc: James E Clukey/Rush/RSH)
Subject: [FW1] [FW-1] - Log Problems

I noticed that since Service Pack 2, the FW-1 4.1 for Solaris keeps on filling the Log Viewer with a lot of dropping messages, even if I don't have any rule logged. The reason for the dropping is always the same: 'reason: unknown established TCP packet'.

Can it be related to a dynamic NAT? Did anyone have the same problem? Does anyone know why this is happening and how to make it stop?

Thanks a lot

Joe

================================================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
================================================================================
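The timeout behaviour described in the reply above, as an added toy model that is not part of the original thread and is not Check Point code: the same traffic is replayed through a state table that re-creates expired entries (old behaviour) and one that drops mid-stream packets for expired entries (new behaviour). The 3600-second timeout, the flow tuple, the event list and all class and function names are assumptions made for the illustration.

```python
# Added illustration: a toy TCP state table, not Check Point code.
from dataclasses import dataclass, field

TCP_TIMEOUT = 3600  # seconds; assumed idle timeout for this demo
FLOW = ("10.0.0.5", 40000, "192.0.2.10", 23)  # constructed src/sport/dst/dport
# Constructed traffic: (time, flow, is_syn). The gap 10 -> 4000 exceeds the timeout.
EVENTS = [(0, FLOW, True), (10, FLOW, False), (4000, FLOW, False), (4010, FLOW, False)]

@dataclass
class StateTable:
    reestablish: bool  # True models the old behaviour, False the new one
    timeout: int = TCP_TIMEOUT
    entries: dict = field(default_factory=dict)    # flow -> last accepted time
    last_seen: dict = field(default_factory=dict)  # kept after expiry, for reporting
    log: list = field(default_factory=list)

    def expire(self, now):
        """Remove every entry that has been idle longer than the timeout."""
        for flow, seen in list(self.entries.items()):
            if now - seen > self.timeout:
                del self.entries[flow]

    def packet(self, now, flow, syn=False):
        self.expire(now)
        known = flow in self.entries
        # A SYN opens a new entry (the rule base is assumed to allow FLOW).
        # The old behaviour also re-creates the entry for a mid-stream packet.
        if known or syn or self.reestablish:
            self.entries[flow] = self.last_seen[flow] = now
            return "accept"
        idle = now - self.last_seen.get(flow, now)
        self.log.append({"time": now, "flow": flow, "action": "drop", "rule": 0,
                         "reason": "unknown established TCP packet", "idle": idle})
        return "drop"

def replay(reestablish, events=EVENTS):
    """Feed the events through a fresh table; return (verdicts, log)."""
    table = StateTable(reestablish)
    return [table.packet(t, f, syn) for t, f, syn in events], table.log

if __name__ == "__main__":
    for name, mode in (("old", True), ("new", False)):
        verdicts, log = replay(mode)
        print(name, verdicts)
        for entry in log:
            print("  rule", entry["rule"], entry["reason"], "idle", entry["idle"], "s")
```

The `idle` value on each drop entry is the time since the flow's last accepted packet, which ties every rule 0 drop in the model to a silence longer than the timeout.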