Hi, one of my clients have a FW1 R62 on IPSO 4 with SecureXL, they´re using an internal software running on port 1527 (TCP) with a oracle db. The problem we have is that after 10 or 15 minutes the connection is lost, with a message: "TCP packet out of state: First packet isn´t SYN tcp_flags: PUSH-ACK" and the action of the fw is DROP.
The first thing we made was increment the Session Timeout in the TCP Services Properties of the 1527 port to 10800 seconds, but the problem continue, about the severity of the problem because the people can´t work if the application is offline, the temp solution we made was disable the "Drop out of state TCP packets" in the Global Properties of Stateful Inspection but i don´t want to be like this because it´s a security risk disable this option. Is there any chance the about traffic of the port 1527 pass without it being filtered across the SecureXL? Thanks in advance, Miguel Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
