[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] unknown established tcp packet
Did anyone get any reply on this issue from Checkpoint? I didn't realize this problem until someone in my office told me that their telnet sessions keep getting frozen up after less than 1 minute. We have many VPN connections for email replications to many countries and I can see now why users are complaining that their mails are always delay. I have since then done the necessary changes to revert back to prior SP1 of handling TCP connections. But is this a BUG? Or it is supposed to tighten the security loop hole? Does the 3600s (1 hr) TCP session timeout setting really works? Regards Thomas Leong Network Specialist -----Original Message----- From: MikeCC [SMTP:[email protected]] Sent: Friday, April 20, 2001 9:39 PM To: [email protected] Subject: RE: [FW1] unknown established tcp packet At 09:04 AM 4/20/01 -0400, Felicetti, Stephen A. wrote: >Instead of just providing a solution of reverting back to the 4.0 version of >handling TCP connections, does anyone really know why this is happening and >whether Checkpoint plans to fix it? I have been trying to get this answer for weeks. I have run into this very problem, packets being dropped that should not be dropped and the log displaying the "unknown established tcp packet" error. The only solution coming from Checkpoint has been to revert to the old behavior which I believe was changed in the first place to fix a potential vulnerability. When I have asked Checkpoint support "If I do this wont I open up a vulnerability?" they acknowledge it does. ====================================================================== Mike Cerone, CISSP, CCNA Ad Astra! ====================================================================== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html================================================================================ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|