Hello All,

I have a distributed HA configuration of 1 management host and 2 fw hosts running FW-1 4.1 SP3. I have one rule and 2 machines for which the firewall just drops connections, saying "Unknown established TCP packet". I tried the PhoneBoy solution by adding

#define ALLOW_NON_SYN_RULEBASE_MATCH

as the first line of $FWDIR/lib/fwui_head.def on both the management and the fw machines. Then I bounced the fw on both and even reinstalled the policy. I still get the same log entries.
The events go:

1. Machine A, requesting a SSH connection, sends SYN.
2. The firewall logs an ACCEPT according to rulebase rule n.
3. The ssh server (B) sends SYN/ACK to A.
4. A tries to send a FIN packet to B but it will be dropped.
5. The fw logs the unknown established packet and drops it.
6. A tries and keeps trying....
Can anyone explain to me why this is so? And how could I fix it?
Mario Kadastik
CCSE
Estonian Telecommunications Co Ltd
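The following is an added example, not code from the post or from Check Point: a toy model of stateful TCP inspection that shows why a non-SYN packet with no entry in the connection table is logged as "Unknown established TCP packet", and what a setting like ALLOW_NON_SYN_RULEBASE_MATCH changes (the packet is matched against the rulebase instead of being dropped outright). The rule, the addresses 10.0.0.5 / 10.0.0.9 and the deliberate table flush between the handshake and the next packet are all constructed for the illustration; the real FW-1 engine has more states and timeouts than this.

```python
"""Toy model of stateful TCP inspection and the "unknown established" drop.

Added example; not FW-1 code. Rule, hosts and packets are constructed.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: frozenset  # subset of {"SYN", "ACK", "FIN"}


@dataclass
class StatefulFirewall:
    # rulebase: list of (src, dst, dport, action); "*" is a wildcard
    rulebase: list
    allow_non_syn_rulebase_match: bool = False
    connections: set = field(default_factory=set)
    log: list = field(default_factory=list)

    @staticmethod
    def _key(p):
        # Direction-agnostic key so the server's reply hits the same entry.
        return frozenset({(p.src, p.sport), (p.dst, p.dport)})

    def _match_rulebase(self, p):
        for n, (src, dst, dport, action) in enumerate(self.rulebase, start=1):
            if src in ("*", p.src) and dst in ("*", p.dst) and dport in ("*", p.dport):
                return n, action
        return None, "drop"  # implicit cleanup rule

    def inspect(self, p):
        key = self._key(p)
        if key in self.connections:
            self.log.append(("accept", "state table"))
            if "FIN" in p.flags:
                self.connections.discard(key)  # simplification: tear down on first FIN
            return True
        new_syn = "SYN" in p.flags and "ACK" not in p.flags
        if not new_syn and not self.allow_non_syn_rulebase_match:
            # No state entry and not a connection opener: the stateful engine
            # drops without consulting the rulebase at all.
            self.log.append(("drop", "Unknown established TCP packet"))
            return False
        n, action = self._match_rulebase(p)
        self.log.append((action, f"rule {n}" if n else "cleanup rule"))
        if action == "accept":
            self.connections.add(key)
        return action == "accept"

    def flush(self):
        # Models losing the connection table (e.g. after a daemon restart).
        self.connections.clear()


# Constructed rule: host A may ssh to host B.
RULEBASE = [("10.0.0.5", "10.0.0.9", 22, "accept")]


def run_scenario(allow_non_syn):
    """Handshake, then state loss, then A's next packet. Returns the log reasons."""
    fw = StatefulFirewall(RULEBASE, allow_non_syn)
    a, b = "10.0.0.5", "10.0.0.9"
    syn = Packet(a, b, 40000, 22, frozenset({"SYN"}))
    synack = Packet(b, a, 22, 40000, frozenset({"SYN", "ACK"}))
    ack = Packet(a, b, 40000, 22, frozenset({"ACK"}))
    fw.inspect(syn)     # matched by rule 1, entry created
    fw.inspect(synack)  # found in state table
    fw.flush()          # state lost between handshake and next packet
    fw.inspect(ack)     # non-SYN with no entry: the interesting case
    return [reason for _, reason in fw.log]


if __name__ == "__main__":
    print("default:      ", run_scenario(False))
    print("non-SYN match:", run_scenario(True))
```

With the default setting the third packet is dropped as "Unknown established TCP packet" even though rule 1 would accept it; with non-SYN rulebase matching enabled it is re-evaluated against the rulebase and a fresh entry is created. If the define is in place and the log still shows the drop, the packet is either failing the rulebase match or the setting is not taking effect on the enforcement module, which is the distinction worth checking first.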