Girard Moussa wrote:
> These drops are due to the fact that the firewall is seeing Packets that
> are not SYN packets. These might be SYN/ACK, ACK, or FIN packets and the
> firewall cannot find any entry in the state table indicating that there
> is an existing established connection for these packets.

Is this something that happens often at your site? I get roughly 10 logs
about this every minute, on one of my /25's. It seems to have increased
since I moved from R54 to R55, but that may be in my head.

.......................
Ian Neubert
Director of IS
TWAcomm.com, Inc.
http://www.twacomm.com/

> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:[EMAIL PROTECTED] Behalf Of Girard
> Moussa
> Sent: Monday, April 12, 2004 5:55 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [FW-1] TCP Packet out of state: First packet isn't SYN
>
>
> Michael,
>
> These drops are due to the fact that the firewall is seeing Packets that
> are not SYN packets. These might be SYN/ACK, ACK, or FIN packets and the
> firewall cannot find any entry in the state table indicating that there
> is an existing established connection for these packets. You can turn
> off Packet out of state checking via the properties in R55, however,
> this is NOT recommended since most of the port and system scans out
> there (e.g. NMAP) depend on these methods to scan your network. In your
> case, you should make sure that all your internet users are going
> through the firewall both for outgoing and incoming traffic (same
> firewall that is). I have seen some problems where some sites have more
> than one internet connection and some users exit via one firewall and
> then the traffic comes in from another firewall that did not see the
> traffic in the initial session.
>
> In order to allow such packets to go through (and thus reduce your
> security level) go to Global Properties, Stateful Inspection and then
> remove the tick mark next to "Drop out of state TCP packets", install
> the policy.
>
> Best of luck.
>
> Regards,
> Girard Moussa
>
> -----Original Message-----
> From: Michael Halligan [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, 13 April 2004 8:50 AM
> To: [EMAIL PROTECTED]
> Subject: [FW-1] TCP Packet out of state: First packet isn't SYN
>
> I'm getting dropped packets, not by my rule base.
>
>
> I'm running R55 FP4 on secureOS. The Errors are blocking seemingly
> random outgoing web packets.
>
> My searches online say this is a common problem, but nobody seems to
> have a working solution.
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================
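An added illustration, not part of the thread and not Check Point's code: a toy state table showing why a reply that returns through a different firewall than the one that saw the SYN is dropped as out of state. The names `Firewall`, `replay`, `fw_a` and `fw_b` and the sample addresses are hypothetical; timeouts and sequence-number checks are left out.

```python
from dataclasses import dataclass, field

SYN, ACK = "SYN", "ACK"

@dataclass
class Firewall:
    """Toy stateful filter (assumption: no timeouts or sequence checks)."""
    drop_out_of_state: bool = True   # models "Drop out of state TCP packets"
    state: set = field(default_factory=set)

    def inspect(self, src, sport, dst, dport, flags):
        conn = frozenset([(src, sport), (dst, dport)])  # same key both directions
        if conn in self.state:
            return "accept"
        if set(flags) == {SYN}:          # only a bare SYN may open a connection
            self.state.add(conn)
            return "accept"
        return "drop" if self.drop_out_of_state else "accept"

def replay(packets, drop_out_of_state=True):
    """Run (firewall, src, sport, dst, dport, flags) tuples through fw_a/fw_b."""
    fws = {n: Firewall(drop_out_of_state) for n in ("fw_a", "fw_b")}
    return [fws[fw].inspect(*rest) for fw, *rest in packets]

# Constructed sample traffic (made-up addresses, not from the thread).
CLIENT, SERVER = ("10.0.0.5", 40000), ("192.0.2.80", 80)
SYMMETRIC = [
    ("fw_a", *CLIENT, *SERVER, (SYN,)),
    ("fw_a", *SERVER, *CLIENT, (SYN, ACK)),
    ("fw_a", *CLIENT, *SERVER, (ACK,)),
]
ASYMMETRIC = [
    ("fw_a", *CLIENT, *SERVER, (SYN,)),
    ("fw_b", *SERVER, *CLIENT, (SYN, ACK)),  # reply returns via the other firewall
]

if __name__ == "__main__":
    print(replay(SYMMETRIC))
    print(replay(ASYMMETRIC))
    print(replay(ASYMMETRIC, drop_out_of_state=False))
```

With the check disabled, the second firewall accepts a SYN/ACK for a connection it never saw opened, which is the reduction in security level the reply above describes.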
