-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Torkel Mathisen wrote: > Hi, > > I have a problem with http traffic from two Windows 2008 servers through our > firewall. > > It gets dropped by SmartDefense with the following information: > > Attack Bad TCP sequence > Attack Information SYN retransmit with different windows scale > > I thought this could be a problem with TCP windows scale in Windows 2008: > > http://support.microsoft.com/kb/934430 > > but even after we disabled the windows scale on the server it doesnt work. > > Anyone know of a fix for this (except disabling Sequence Verifier as that is > not an option)? > > We use R61 HFA01 on that firewall. > > Is it fixed in newer versions?
Well to know that we have to know the exact problem. For that I would ask for a fw monitor packet capture to begin with. And I expect Check Point to ask for a fw debug as well. Hugo. - -- [EMAIL PROTECTED] http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIrEqVBvzDRVjxmYERAo4/AKCaRI0qdfS3mCUWY9QQYn0ivgQP8QCguJV4 LZX4pAvtMVnj+X6c8LNDG8Y= =OJPD -----END PGP SIGNATURE----- Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
