Hello, I had a problem like that before. Full message is "TCP packet out of state: First packet isn't SYN;"
This happens sometimes because of routing issues. Your firewall may be connected to another routing device or firewall, so the initiating connection of your SQL connection (SYN packet) is not passing through the firewall, but the receiving connection (ACK packet) is passing through the firewall. That's why it tells you that the first packet should be SYN instead of ACK. That means that the firewall is not seeing the first packet of the connection, because you are sending that packet through another routing device.

What you can do is a traceroute from your SQL clients -> SQL server and vice versa. That could give you a pretty good idea if something with the routing is not OK.

I hope this helps.

Rgds.

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On behalf of Esteban Serrano
Sent: Tuesday, January 20, 2009 01:59 a.m.
To: [email protected]
Subject: [FW-1] Dropped out-of-state connections after upgrade from R60 to R65

Hi everybody.

We have upgraded our firewall platform, running in a Crossbeam X40 chassis, from R60 to R65 HFA30 last week. Since then, we have noticed that some legitimate Oracle SQL connections are being dropped. The log says they are out-of-state packets, though they shouldn't. We have checked whether aggressive aging was activated, but it seems it isn't:

    fw_1 (crossbeam): root$ fw ctl pstat
    Machine Capacity Summary:
    Memory used: 2% (22MB out of 801MB) - below low watermark
    Concurrent Connections: 0% (124 out of 24900) - below low watermark
    Aggressive Aging is not active

Any ideas? Thanks in advance!

Esteban Serrano
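Added example, not part of the thread: one way to compare the two traceroutes suggested in the reply and flag the case where only one direction crosses the firewall. The addresses, the sample traceroute output and the function names are constructed for illustration; the firewall is identified by the set of its interface addresses, since each direction shows a different interface.

```python
import re

HOP_RE = re.compile(r"^\s*\d+\s+(.*)$")          # a numbered hop line
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

# Constructed sample data (documentation address ranges, assumed topology).
FIREWALL_IPS = {"198.51.100.1", "192.0.2.1"}     # client-side and server-side interfaces
CLIENT_TO_SERVER = """\
traceroute to 192.0.2.50 (192.0.2.50), 30 hops max, 60 byte packets
 1  198.51.100.254  0.412 ms  0.398 ms  0.371 ms
 2  192.0.2.50  1.204 ms  1.190 ms  1.177 ms
"""
SERVER_TO_CLIENT = """\
traceroute to 198.51.100.20 (198.51.100.20), 30 hops max, 60 byte packets
 1  192.0.2.1  0.350 ms  0.344 ms  0.329 ms
 2  198.51.100.20  1.100 ms  1.094 ms  1.081 ms
"""

def parse_hops(output):
    """Return one set of responder IPs per hop; an empty set means '* * *'."""
    hops = []
    for line in output.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append(set(IPV4_RE.findall(m.group(1))))
    return hops

def crosses_firewall(output, firewall_ips):
    """'yes', 'no', or 'unknown' when a silent hop could be hiding the firewall."""
    hops = parse_hops(output)
    if any(h & firewall_ips for h in hops):
        return "yes"
    if not hops or any(not h for h in hops):
        return "unknown"
    return "no"

def diagnose(forward, reverse, firewall_ips):
    """Classify the path pair as seen from the firewall's point of view."""
    seen = {crosses_firewall(forward, firewall_ips),
            crosses_firewall(reverse, firewall_ips)}
    if seen == {"yes"}:
        return "symmetric"
    if seen == {"yes", "no"}:
        return "asymmetric"      # firewall sees only half of the handshake
    if seen == {"no"}:
        return "not-on-path"
    return "inconclusive"        # unanswered hops; repeat with another probe type

if __name__ == "__main__":
    print(diagnose(CLIENT_TO_SERVER, SERVER_TO_CLIENT, FIREWALL_IPS))
```

Hops that do not answer are reported as inconclusive rather than as a bypass, because many firewalls do not reply to traceroute probes.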
