I've seen this in NG Feature Pack 3 as well. Rajeev Gupta <[EMAIL PROTECTED]> wrote: You will find information on this new feature intro'd in NG AI - What's New at: http://www.checkpoint.com/support/downloads/docs/firewall1/r54/WhatsNew.pdf
It used to be that CP would drop any attempt to establish a new connection w/ the same src port/ip and same dst port/ip unless firewall-1 tables have been flushed out of the state of that connection from a previous use - with this feature, CP would attempt sync'ng its own state w/ the actual state of the client and server and convert the new 'syn' packet on the new connection attempt to an 'ack' which in some cases does cause problems (I have seen myself and had to change the behavior) and that is why your third party vendor who might have seen issues w/ their application due this feature. hope this helps. rajeev On 7/5/07, Crist Clark wrote: > > A third party vendor has this little piece of advice > in a technical document, > > We have seen issues with Checkpoint NG firewalls and > their use of the "Smart Connection Reuse" feature. It > is apparently enabled by default... We have found this > behaviour working improperly [sic], and this feature > should be disabled. > > I'm having trouble finding "Smart Connection Reuse" > in Check Point documentation. Any ideas to what they > are referring? > -- > > Crist J. Clark > [EMAIL PROTECTED] > Globalstar Communications (408) > 933-4387 > > > BĀ¼information contained in this e-mail message is confidential, intended > only for the use of the individual or entity named above. If the reader > of this e-mail is not the intended recipient, or the employee or agent > responsible to deliver it to the intended recipient, you are hereby > notified that any review, dissemination, distribution or copying of this > communication is strictly prohibited. If you have received this e-mail > in error, please contact [EMAIL PROTECTED] > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > --------------------------------- Finding fabulous fares is fun. Let Yahoo! FareChase search your favorite travel sites to find flight and hotel bargains. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
