Although I agree with Hugo, you can increase your TCP timeout globally or for a specific service under its advanced options. Keep in mind this could have an adverse effect by keeping idle connections longer in your connections table and could potentially cause you to max out your global connections limit.
-GS ________________________________ From: "Verweyen, Dirk" <[email protected]> To: [email protected] Sent: Thu, April 22, 2010 8:06:03 AM Subject: [FW-1] AW: [FW-1] Again: TCP packet out of state: First packet isn't SYN Hi Huga, thanks for your reply. I look at the server and there is no entry in the registry. That means, that the servers uses the default value of 2 hours. Is there another solution for this kind of problems? Greetings, Dirk -----Ursprüngliche Nachricht----- Von: Mailing list for discussion of Firewall-1 [mailto:[email protected]] Im Auftrag von hvdkooij Gesendet: Dienstag, 20. April 2010 11:32 An: [email protected] Betreff: Re: [FW-1] Again: TCP packet out of state: First packet isn't SYN On Tue, 20 Apr 2010 09:47:13 +0200, "Verweyen, Dirk" <[email protected]> wrote: > we have upgraded to a R70-Gateway running on SmartPlatform. > With this Gateway we are building a VPN to an UTM1-Edge. > > Between this VPN we have a problem, that our ERP-Client (Baan) > is losing his connection to his server. > > We have in both directions " TCP packet out of state: First packet isn't > SYN > tcp_flags: ACK" -- Errors. Sounds like inactive sessions. In those instances I always recommend to fix the servers and set their TCP Keep-Alive to 900 seconds. Hugo. -- JA, ik ben zo gek als een deur | NEE, dat komt nooit meer goed Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= IƧ�ç[È(^rCèŠ{S¢Ö¥Iç.®+r«^Á¬ÿ ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
