Hi again. We have even shutdown one of the interfaces of the ipmp group, to make sure all the traffic is comming in and out from the same interface, and verified that point with snoop.
El mar, 20-01-2009 a las 10:37 -0600, Oscar Esquivel escribió: > I`ve seen cases where servers with 2 interfaces, responds outgoing packets > from one or another interface, isn't your case? Have you checked that all > outgoing packets from SQl goes through the same > interface(mac address or ip )? And not both ? > have you checked on your IPMP configuration? > > > > > > -----Mensaje original----- > De: Mailing list for discussion of Firewall-1 > [mailto:[email protected]] En nombre de Esteban > Serrano > Enviado el: Martes, 20 de Enero de 2009 10:21 a.m. > Para: [email protected] > Asunto: Re: [FW-1] Dropped out-of-state connections after upgrade from R60 to > R65 > > No, I have single firewalls. > > The database runs over SunCluster 3.0, but it remains stable in one of > the nodes without flapping. > > We did check the routing after the upgrade. In fact, we have many other > connections running without problem over the firewall after upgrading to > R65. It seems it's oracle1521 service which is affected... > > > El mar, 20-01-2009 a las 09:50 -0600, Oscar Esquivel escribió: > > Do you have a cluster ? Have you checked that the cluster is in sync? > > To get a better idea, you should run fw monitor on the firewall. > > > > Beside after the upgrade, have you checked if routing in your firewall has > > not changed? > > > > Another question, the sql server has any kind of redundancy? I mean 2 > > network interfaces? > > > > > > -----Mensaje original----- > > De: Mailing list for discussion of Firewall-1 > > [mailto:[email protected]] En nombre de Esteban > > Serrano > > Enviado el: Martes, 20 de Enero de 2009 09:19 a.m. > > Para: [email protected] > > Asunto: Re: [FW-1] Dropped out-of-state connections after upgrade from R60 > > to R65 > > > > Hi Oscar. > > > > We have double-checked the routing tables... moreover, the connection > > initially success but gets dropped after a while. > > The routing config was the same when we had R60, and everything worked > > fine; the problem appeared just when we upgraded the platform. > > > > Thank you very much again. > > > > > > El mar, 20-01-2009 a las 08:54 -0600, Oscar Esquivel escribió: > > > Hello , I had a problem like that before.... > > > Full message is "TCP packet out of state: First packet isn't SYN;" > > > > > > This happens sometimes because of routing issues....your firewall maybe > > > is connected to another routing device or firewall, so the initiating > > > connection of your Sql Connection(SYN PACKET) is not passing through the > > > firewall, but the receiving connection (ACK PACKET) is passing through > > > the firewall, that's why it tells you that first packet should be SYN, > > > instead ACK.......that means that the firewall is not seeing the first > > > packet connection, because your are sending that packet through another > > > routing device. What you can do is a traceroute from your sql clients -> > > > sql server and viceversa. That could gives you a pretty good idea if > > > something with the routing is not ok. > > > > > > > > > I hope this helps.. > > > > > > > > > Rgds. > > > > > > -----Mensaje original----- > > > De: Mailing list for discussion of Firewall-1 > > > [mailto:[email protected]] En nombre de Esteban > > > Serrano > > > Enviado el: Martes, 20 de Enero de 2009 01:59 a.m. > > > Para: [email protected] > > > Asunto: [FW-1] Dropped out-of-state connections after upgrade from R60 > > > to R65 > > > > > > Hi everybody. > > > > > > We have upgraded our firewall platform, running in a Crossbeam X40 > > > chassis, from R60 to R65 HFA30 last week. > > > > > > Since then, we have noticed that some legitimate Oracle SQL connections > > > are being dropped. The log says they are out-of-state packets, though > > > they shouldn't. > > > > > > We have checked wether aggressive aging was activated, but it seems it > > > isn't: > > > > > > fw_1 (crossbeam): root$ fw ctl pstat > > > > > > Machine Capacity Summary: > > > Memory used: 2% (22MB out of 801MB) - below low watermark > > > Concurrent Connections: 0% (124 out of 24900) - below low watermark > > > Aggressive Aging is not active > > > > > > Any ideas? > > > > > > Thanks in advance! > > > > > > Esteban Serrano > > > > > > Scanned by Check Point Total Security Gateway. > > > > > > Scanned by Check Point Total Security Gateway. > > > > > > ================================================= > > > To set vacation, Out-Of-Office, or away messages, > > > send an email to [email protected] > > > in the BODY of the email add: > > > set fw-1-mailinglist nomail > > > ================================================= > > > To unsubscribe from this mailing list, > > > please see the instructions at > > > http://www.checkpoint.com/services/mailing.html > > > ================================================= > > > If you have any questions on how to change your > > > subscription options, email > > > [email protected] > > > ================================================= > > > > > > Notice of Confidentiality: > > > > > > The information contained in this communication is intended solely for > > > the use of the individual or entity to whom it is addressed and others > > > authorized to receive it. It may contain confidential or legally > > > privileged information. If you are not the intended recipient you are > > > hereby notified that any disclosure, copying, distribution or taking any > > > action in reliance on the contents of this information is strictly > > > prohibited and may be unlawful. If you have received this communication > > > in error, please notify us immediately by responding to this email and > > > then delete it from your system. > > > > > > Scanned by Check Point Total Security Gateway. > > > > > > Scanned by Check Point Total Security Gateway. > > > > > > ================================================= > > > To set vacation, Out-Of-Office, or away messages, > > > send an email to [email protected] > > > in the BODY of the email add: > > > set fw-1-mailinglist nomail > > > ================================================= > > > To unsubscribe from this mailing list, > > > please see the instructions at > > > http://www.checkpoint.com/services/mailing.html > > > ================================================= > > > If you have any questions on how to change your > > > subscription options, email > > > [email protected] > > > ================================================= > > > > > > > > > Scanned by Check Point Total Security Gateway. > > > > ================================================= > > To set vacation, Out-Of-Office, or away messages, > > send an email to [email protected] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [email protected] > > ================================================= > > > > Scanned by Check Point Total Security Gateway. > > > > ================================================= > > To set vacation, Out-Of-Office, or away messages, > > send an email to [email protected] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [email protected] > > ================================================= > > > > Scanned by Check Point Total Security Gateway. > > Scanned by Check Point Total Security Gateway. > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= > > Scanned by Check Point Total Security Gateway. > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= > Scanned by Check Point Total Security Gateway. Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
