Sure,
Thanks for the explanation.

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Ray
Sent: 24 December 2005 15:50
To: [email protected]
Subject: Re: [FW-1] Firewall dropping packets


Yeah, it's a weird message for sure. "tried to open a known service port" -
Near as I can figure, if you have a service defined as using a specific
port, something trying to connect to that port will trip this block. It may
have been a relevant defense tactic when firewalls only had a few ports
defined, but it sure causes problems now for everything above 1023.

We hit it when we were using Outlook through FW-1. It uses random high ports
to communicate with Exchange. We would keep seeing this drop intermittently
in the logs when Outlook picked a random port that was defined as a service
on the firewall.

I suspect Lindsay is correct; this is a protection that got moved into 
SmartDefense when it originally wasn't there.

Ray

>From: Lindsay Hill <[EMAIL PROTECTED]>
>Reply-To: Mailing list for discussion of Firewall-1              
><[email protected]>
>To: [email protected]
>Subject: Re: [FW-1] Firewall dropping packets
>Date: Fri, 23 Dec 2005 17:26:13 +0000
>
>Doesn't matter what your logs say they were generated by, Ray's solution
>is the correct one. It is SmartDefense. It may not say that, since that
>particular protection/setting has been around for a while, possibly (can't
>quite remember) from before SmartDefense was called that.
>
>
>On 23 Dec 2005, at 13:15, Tauseef Khan wrote:
>
>>Thanks Ray
>>
>>That's definitely helped, but quite surprisingly these logs weren't 
>>generated by smartdefense, rather they were generated by  
>>VPN1&Firewall1. Any ideas.
>>
>>Kind regards
>>Tauseef
>>
>>-----Original Message-----
>>From: Mailing list for discussion of Firewall-1 
>>[mailto:[EMAIL PROTECTED] On Behalf Of Ray
>>Sent: 22 December 2005 19:33
>>To: [email protected]
>>Subject: Re: [FW-1] Firewall dropping packets
>>
>>
>>It's a SmartDefense drop. You have to change SmartDefense to allow 
>>connections to all ports,
>>
>>Network Security
>>Dynamic Ports
>>Select the top radio button
>>
>>Ray
>>
>>>From: Tauseef Khan <[EMAIL PROTECTED]>
>>>Reply-To: Mailing list for discussion of Firewall-1 
>>><[email protected]>
>>>To: [email protected]
>>>Subject: [FW-1] Firewall dropping packets
>>>Date: Thu, 22 Dec 2005 15:45:48 -0000
>>>
>>>I am getting the following error message in the firewall logs with no
>>>rule number against that.  Any ideas.
>>>
>>>"reason: tried to open a known service port,;protocol:tcp; port_svc: 
>>>ICKiller"
>>>
>>>
>>>Kind regards
>>>
>>>
>>>
>>>*************************************************
>>>For addressee only. No legally binding commitments will be created by
>>>this e-mail message. Where we intend to create legally binding
>>>commitments these will be made through hard copy correspondence or
>>>documents.
>>>
>>>3i Investments plc
>>>Registered office: 91 Waterloo Road
>>>                              London SE1 8XP
>>>Registered no:3975789
>>>Authorised and Regulated by the Financial Services Authority
>>>
>>>If you are not the intended recipient it may be unlawful for you to
>>>read, copy, distribute, disclose or otherwise use the information in
>>>this e-mail. If you are not the intended recipient please contact us
>>>immediately. E-mail may be susceptible to data corruption,
>>>interception and unauthorised amendment, and we do not accept
>>>liability for any such corruption, interception or amendment or the
>>>consequences thereof.
>>>
>>>3i is committed to following policies which protect your privacy and
>>>comply with current international data protection laws and
>>>regulations in respect of personal data. Further details of these
>>>policies can be found at www.3i.com.
>>>*************************************************
>>>
>>>
>>>=================================================
>>>To set vacation, Out-Of-Office, or away messages,
>>>send an email to [EMAIL PROTECTED]
>>>in the BODY of the email add:
>>>set fw-1-mailinglist nomail 
>>>=================================================
>>>To unsubscribe from this mailing list,
>>>please see the instructions at 
>>>http://www.checkpoint.com/services/mailing.html
>>>=================================================
>>>If you have any questions on how to change your
>>>subscription options, email
>>>[EMAIL PROTECTED] 
>>>=================================================
>>
