Hi, I'm rather new to this list, but already realize that the "tcp packet out of state" error message is not a new one;-) Nevertheless I hope someone will be so kind as to comment on the situation described below; In a high availability solution running NG FP2 we saw what in the beginning seemed like a strange situation; all tcp sessions lasting for more than one hour timed out with "tcp packet out of state" after more or less exactly 3600 seconds. Whilst trying to solve the situation, which was most often manifested with the "th_flags: 18 tcp packet out of state" on streaming sessions using http, we tried to set the tcp timeout value of http to 4200 seconds as opposed to 3600 seconds. The result was that the sessions timed out after 4200 seconds. OK, so now I've verified that the timeout value is relevant to the situation. Next we tried to verify that the streaming session actually sent packets. Should be easy to verify starting a streaming session, but to verify this more in-depth we sniffed the traffic. As expected the normal PUSH+ACK and ACK flags were involved until the session suddenly timed out after 4200 seconds. Strange, this should mean that the state table is not updated properly...?! We could have monitored the traffic using "fw tab -t connections", but in a HA solution with lots of traffic (close to 100.000 entries in the state table) this isn't easy to monitor;-) Searching Check Points knowledge base gave some information which came in handy. Then we found out that this was a well known problem fixed in later versions, i.e FP3. Upgrading to FP3 actually solved the problem; no more dropping the packets after 4200 seconds! Regrettably we now see that there are still some problems generating "th_flags: 18 tcp packet out of state" messages, although now they appear more randomly and to my knowledge never within the first 4200 seconds. It is verified that the streaming sessions are active all the time until they suddenly time out, but now after 2h17m, approx 5h, etc. We also see other th_flags values, like 10, 11 and 14. Does anybody know why this is, and even more important - how to solve this situation? Thanx, Viggo
================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
