Michael,

These drops are due to the fact that the firewall is seeing packets that
are not SYN packets. These might be SYN/ACK, ACK, or FIN packets and the
firewall cannot find any entry in the state table indicating that there
is an existing established connection for these packets. You can turn
off Packet out of state checking via the properties in R55, however,
this is NOT recommended since most of the port and system scans out
there (e.g. NMAP) depend on these methods to scan your network. In your
case, you should make sure that all your internet users are going
through the firewall both for outgoing and incoming traffic (same
firewall that is). I have seen some problems where some sites have more
than one internet connection and some users exit via one firewall and
then the traffic comes in from another firewall that did not see the
traffic in the initial session.

In order to allow such packets to go through (and thus reduce your
security level) go to Global Properties, Stateful Inspection and then
remove the tick mark next to "Drop out of state TCP packets", install
the policy.

Best of luck.

Regards,
Girard Moussa

-----Original Message-----
From: Michael Halligan [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 13 April 2004 8:50 AM
To: [EMAIL PROTECTED]
Subject: [FW-1] TCP Packet out of state: First packet isn't SYN

I'm getting dropped packets, not by my rule base.


I'm running R55 FP4 on secureOS. The errors are blocking seemingly
random outgoing web packets.

My searches online say this is a common problem, but nobody seems to
have a working solution.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================

_______________________________________________________________________________________
This email (and attachments) may contain privileged / confidential information.
If you are not the addressee (or responsible for delivery of this message) any use,
forwarding, printing or copying of this email is strictly prohibited. In such case, you
should destroy this message and kindly notify the sender. Opinions, conclusions
and other information in this message that do not relate to the official business of
Advance Vision Technology (Aust) Pty Ltd shall be understood as neither given
nor endorsed by it.
________________________________________________________________________________________
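
The state-table behaviour described in the reply above, as an added example that is not part of the original thread and is not Check Point code. It is a simplified model: the class, function names, addresses and verdict strings are constructed for illustration, and the rule base is assumed to accept every SYN.

```python
# Simplified model of stateful TCP inspection (added illustration).
# All names, addresses and verdict strings are constructed assumptions.

class StatefulFirewall:
    def __init__(self, name, drop_out_of_state=True):
        self.name = name
        # Models the "Drop out of state TCP packets" setting.
        self.drop_out_of_state = drop_out_of_state
        self.state = set()  # known connections, direction-independent

    def inspect(self, src, sport, dst, dport, flags):
        # One key covers both directions of the same connection.
        key = frozenset([(src, sport), (dst, dport)])
        if flags == "SYN":
            self.state.add(key)  # assumed: rule base accepts the SYN
            return "accept"
        if key in self.state:
            return "accept"  # belongs to a connection this firewall saw
        if self.drop_out_of_state:
            return "drop: first packet isn't SYN"
        return "accept (unchecked)"

CLIENT = ("10.0.0.5", 40000)  # constructed inside host
SERVER = ("192.0.2.80", 80)   # constructed web server

def symmetric():
    """Both directions cross the same firewall: everything matches state."""
    fw = StatefulFirewall("fw-a")
    return [fw.inspect(*CLIENT, *SERVER, "SYN"),
            fw.inspect(*SERVER, *CLIENT, "SYN/ACK"),
            fw.inspect(*CLIENT, *SERVER, "ACK")]

def asymmetric():
    """Outgoing SYN leaves via fw-a, the reply returns via fw-b."""
    fw_a, fw_b = StatefulFirewall("fw-a"), StatefulFirewall("fw-b")
    return [fw_a.inspect(*CLIENT, *SERVER, "SYN"),
            fw_b.inspect(*SERVER, *CLIENT, "SYN/ACK")]

def unsolicited_ack(drop_out_of_state):
    """An outside host sends an ACK with no prior SYN (as ACK scans do)."""
    fw = StatefulFirewall("fw-a", drop_out_of_state)
    return fw.inspect(*SERVER, *CLIENT, "ACK")

if __name__ == "__main__":
    print("symmetric :", symmetric())
    print("asymmetric:", asymmetric())
    print("probe, check on :", unsolicited_ack(True))
    print("probe, check off:", unsolicited_ack(False))
```

The asymmetric case produces the same drop as the unsolicited ACK, which is why fixing the routing, rather than disabling the check, removes the drops without letting stateless probes through.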
