Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] unknown established tcp packet

To: "[email protected]" <[email protected]>
Subject: RE: [FW1] unknown established tcp packet
From: "Thomas Leong" <[email protected]>
Date: Tue, 24 Apr 2001 09:19:09 +0800 (Singapore Standard Time)
Sender: [email protected]

Did anyone get any reply on this issue from Checkpoint? I didn't realize
this problem until someone in my office told me that their telnet sessions
keep getting frozen up after less than 1 minute. We have many VPN
connections for email replications to many countries and I can see now why
users are complaining that their mails are always delay. I have since then
done the necessary changes to revert back to prior SP1 of handling TCP
connections. But is this a BUG? Or it is supposed to tighten the security
loop hole? Does the 3600s (1 hr) TCP session timeout setting really works?

Regards
Thomas Leong
Network Specialist

-----Original Message-----
From:	MikeCC [SMTP:[email protected]]
Sent:	Friday, April 20, 2001 9:39 PM
To:	[email protected]
Subject:	RE: [FW1] unknown established tcp packet

At 09:04 AM 4/20/01 -0400, Felicetti, Stephen A. wrote:
>Instead of just providing a solution of reverting back to the 4.0 version
of
>handling TCP connections, does anyone really know why this is happening
and
>whether Checkpoint plans to fix it?

I have been trying to get this answer for weeks.  I have run into this
very 
problem, packets being dropped that should not be dropped and the log 
displaying the "unknown established tcp packet" error.  The only solution 
coming from Checkpoint has been to revert to the old behavior which I 
believe was changed in the first place to fix a potential 
vulnerability.  When I have asked Checkpoint support "If I do this wont I 
open up a vulnerability?" they acknowledge it does.

======================================================================
Mike Cerone, CISSP, CCNA
Ad Astra!
======================================================================

================================================================================     To unsubscribe from this mailing list, please see the instructions at               http://www.checkpoint.com/services/mailing.html================================================================================

================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] Error on VPN: " encryption error: Packet is not IPSEC scheme: Manual IPSec "
Next by Date: Re: [FW1] Secure Remote for Linux/Solaris, Macintosh ????
Previous by thread: RE: [FW1] Unknown established TCP packet
Next by thread: [FW1] testing
Index(es):
- Date
- Thread