Dear Huiqi,

your fw-monitor syntax 'fw monitor -e "accept src=x.x.x.x;" -o debug.cap' is the same as mine.

Normally, when you don't see packets with lower 'i', it indicates that no packet had arrived at the firewall inbound interface. I am not absolutely sure, but when you use SecureXL some packets bypass the FW kernel and you won't see them in fw monitor. Is SecureXL active?

Best regards,
Christian

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On behalf of Huiqi Liu
Sent: Thursday, 21 August 2008 12:04
To: [email protected]
Subject: Re: [FW-1] AW: [FW-1] AW: [FW-1] Strange problem

Dear Christian,

Finally got round to this again. I did run a fw monitor -e "accept src=x.x.x.x;" -o debug.cap (it doesn't like the other options). The debug file doesn't contain any lower 'i' (or do they only show up with the above options?), but there are a lot of RST and retransmit errors. Does that indicate an ISP issue?

The problems are only intermittent: for example, when they try to send an email, it takes perhaps 3 attempts (for some users). MSN always fails though (again for some users).

I am very tempted to replace the firewall hardware (it is an IP130 currently) as the next step.

Thank you for your help so far.

Huiqi

Christian Köhler <Christian.Koehle [EMAIL PROTECTED]>
Sent by: Mailing list for discussion of Firewall-1 <FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM>
01/08/2008 10:13
Please respond to: Mailing list for discussion of Firewall-1 <FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM>
To: [EMAIL PROTECTED]INT.COM
cc:
Subject: [FW-1] AW: [FW-1] AW: [FW-1] Strange problem

Dear Huiqi,

do you see a drop or reject in Smart View Tracker? Have you run "fw monitor"?

fw monitor -m iIoO -e "accept src=X.X.X.X;" -o debug.cap

Now every packet from your source is written to debug.cap. You can use Ethereal to view the packets. If you only see a lower 'i' for the MSN connection, the packet is probably dropped by the firewall.
You can also try to run:

fw ctl debug 0
fw ctl debug -buf 5000
fw ctl debug -m fw + drop
fw ctl kdebug -f > drop.txt

Now reproduce the problem. Now you can see all dropped and rejected packets, even if they are not logged to Smart View Tracker. Stop the debug with:

CTRL+C
AND
fw ctl debug 0

Maybe you can find a hint in the text file for a drop/reject reason.

Best regards,
Christian

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On behalf of Huiqi Liu
Sent: Friday, 1 August 2008 10:15
To: [email protected]
Subject: Re: [FW-1] AW: [FW-1] Strange problem

Hello Christian,

Many thanks for the quick reply. As it happens yesterday the ISP assigned us a new IP address (with less than a day's notice) and after that the first problem (accessing certain websites) has gone. I did try however to set up a new PPPoE with a MTU of 1400 but it hasn't helped with the two issues (MSN and Outlook email). The IPSO version is 3.8 BUILD039, so it is older than the affected version.

Will appreciate any other suggestions. Thanks!

Huiqi

Christian Köhler <Christian.Koehle [EMAIL PROTECTED]>
Sent by: Mailing list for discussion of Firewall-1 <FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM>
30/07/2008 09:32
Please respond to: Mailing list for discussion of Firewall-1 <FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM>
To: [EMAIL PROTECTED]INT.COM
cc:
Subject: [FW-1] AW: [FW-1] Strange problem

Dear Huiqi,

It can be a problem related to MTU. From IPSO 3.8-build 049 can lower the MTU. Nokia suggests a value of 1400 (Nokia Knowledgebase: Vantive Resolutions ID: 1128905).

Hope this helps,
Christian

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On behalf of Huiqi Liu
Sent: Wednesday, 30 July 2008 09:59
To: [email protected]
Subject: [FW-1] Strange problem

Sorry I can't be more specific on the subject line!
Recently we have set up a new branch office firewall, with a Nokia IP130, running NG AI R55p, IPSO 3.8, with ADSL connection (PPPoE) to the internet. There are about 10 users in the office who are connected to a switch which connects to an interface on the Nokia. We have set up VPNs between that office and other locations, and that works fine.

The problem is: Since the firewall install, 5 or 6 laptops have these problems:

Accessing certain websites (e.g., microsoft.com, and some other sites, e.g., www.sina.net)
Accessing MSN
Accessing Hotmail
Intermittent problems accessing pop3 email using Outlook Express

2 users don't have any of the problems above. And the curious thing is that these two users were in the office with their laptops when the changeover occurred, though there is a desktop in the office at the same time but that has the same problems above.

Before the firewall was installed, the switch was connected directly to the ADSL router, and there were no such problems.

The firewall logs all look fine: outgoing requests from the problem laptops were shown to be accepted like the rest.

I'm really lost as to what might have caused these. Any ideas would be much appreciated!

Huiqi

Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================

The information contained in this message is confidential or protected by law. If you are not the intended recipient, please contact the sender and delete this message. Any unauthorised copying of this message or unauthorised distribution of the information contained herein is prohibited.

Controlware GmbH Kommunikationssysteme
Telephone: (0 60 74) 8 58-0
E-Mail: [EMAIL PROTECTED]
http://www.controlware.de
Registered office: 63128 Dietzenbach, Register court: Offenbach a.M., HRB No. 6431, VAT ID No. DE 113539225
Management: Helmut E. Wörner (Chairman), Bernd Schwefing, Hubert Potthoff
Advisory board: Dr. Gert Sieger (Chairman), Dr. Peter Pagé, Kurt Sibold
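
Added example, not part of the original thread: a small parser that applies the check Christian describes (a packet seen only at lower 'i' was probably dropped by the firewall) to the text output of fw monitor -m iIoO. The line layout, interface names and addresses in the sample are constructed assumptions; the thread itself only shows the binary capture written with -o.

```python
import re
from collections import OrderedDict

# Constructed sample of fw monitor text output (not taken from the thread).
# Assumed line layout when -o is not used:
#   <if>:<point>[<len>]: <src> -> <dst> (<proto>) len=<n> id=<n>
SAMPLE = """\
eth1:i[48]: 192.0.2.10 -> 198.51.100.5 (TCP) len=48 id=4101
TCP: 1050 -> 80 .S.... seq=1a2b3c4d ack=00000000
eth1:I[48]: 192.0.2.10 -> 198.51.100.5 (TCP) len=48 id=4101
TCP: 1050 -> 80 .S.... seq=1a2b3c4d ack=00000000
pppoe0:o[48]: 192.0.2.10 -> 198.51.100.5 (TCP) len=48 id=4101
TCP: 1050 -> 80 .S.... seq=1a2b3c4d ack=00000000
pppoe0:O[48]: 203.0.113.1 -> 198.51.100.5 (TCP) len=48 id=4101
TCP: 10050 -> 80 .S.... seq=1a2b3c4d ack=00000000
eth1:i[48]: 192.0.2.10 -> 198.51.100.9 (TCP) len=48 id=4102
TCP: 1051 -> 1863 .S.... seq=5e6f7a8b ack=00000000
"""

PACKET_RE = re.compile(
    r"^(?:\[[^\]]*\])*\s*(?P<iface>[\w.\-]+):(?P<point>[iIoO])\s*\[\d+\]:\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+\((?P<proto>\w+)\)\s+len=\d+\s+id=(?P<id>\d+)"
)
ORDER = "iIoO"  # pre-inbound, post-inbound, pre-outbound, post-outbound
VERDICT = {
    "i": "seen only before inbound inspection: probably dropped by the firewall",
    "I": "passed inbound inspection, never reached an outbound interface",
    "o": "reached outbound inspection but was not seen after it",
    "O": "seen after outbound inspection: left the firewall",
}

def trace_points(text):
    """Group packet lines by (IP id, destination) and collect the points seen.
    Destination is used, not source, because hide NAT rewrites the source."""
    packets = OrderedDict()
    for line in text.splitlines():
        m = PACKET_RE.match(line)
        if m:
            packets.setdefault((int(m["id"]), m["dst"]), []).append(m["point"])
    return packets

def classify(text):
    """Return {(ip_id, dst): (points_seen, verdict)} for every traced packet."""
    result = {}
    for key, points in trace_points(text).items():
        last = max(points, key=ORDER.index)  # furthest point the packet reached
        seen = "".join(sorted(set(points), key=ORDER.index))
        result[key] = (seen, VERDICT[last])
    return result
```

Calling classify(SAMPLE) reports the first constructed packet at all four points and the second at 'i' only.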
