I am trying to access an external web server, say a b2b server using port
9090, passing through 2 firewalls in tandem, i.e., an inner firewall and an
outer firewall, but it fails. The valid addresses for the external interface
of the outer firewall have been set to "others".
According to the log, both firewalls accept from source to destination, but
the connection is then rejected by the outer firewall using rule 0. The info
message is SYN -> SYN-ACK -> Timeout.
When I was using other ports, e.g., 80, 9091, 443, the firewall log
indicates that both firewalls accept them, but there is no response from the
external server.
I have increased the SYNDefender timeout from 10 seconds to 20 seconds, and
even set it to none, but to no avail.
(BTW, I do not have problem with other servers.)
FAQ0068, found on www.deathstar.com, says:
"The reason for that is that the client which established the TCP session did
not ACK the 3-way handshake of the TCP session. This is a clear symptom of a
SYN flood attack. If the acknowledgement of the client is not issued within 10
seconds (default), the session is reset. This is shown in the message
SYN->SYN-ACK->RST."
Is the firewall rule not configured properly? We have no problem with other
servers.
Is the external server configured properly? Why are there rejects when using
9091, but not for 9091, 80, 443?
Is the firewall in front of the external server causing the problem?
Any comments/pointers are appreciated.
David
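To make the handshake states in the post concrete (SYN -> SYN-ACK -> Timeout on 9090, no server reply on the other ports, and the effect of raising the SYNDefender timeout from 10 to 20 seconds), here is an added example that is not part of the original post or of any Check Point product: a small classifier that walks constructed firewall log events and reports each session in the firewall's message format. The session key, the event tuple layout and the choice to measure the timeout from the client's SYN are assumptions made for this example.

```python
# Hypothetical helper, not Check Point code: classify TCP handshakes seen in
# a firewall log by whether the client's final ACK arrived before a
# SYNDefender-style timeout. Timing is measured from the client's SYN
# (an assumption for this example).

DEFAULT_TIMEOUT = 10.0  # seconds, the SYNDefender default quoted in the post

# Constructed sample events: (seconds, src, dst, dport, flag)
SAMPLE_EVENTS = [
    # port 9090: server answers, client never ACKs -> half-open, times out
    (0.0, "10.1.1.5", "192.0.2.10", 9090, "SYN"),
    (0.2, "192.0.2.10", "10.1.1.5", 9090, "SYN-ACK"),
    # port 443: normal handshake completed well inside the timeout
    (0.0, "10.1.1.6", "192.0.2.10", 443, "SYN"),
    (0.1, "192.0.2.10", "10.1.1.6", 443, "SYN-ACK"),
    (0.3, "10.1.1.6", "192.0.2.10", 443, "ACK"),
    # port 9091: client ACKs late (15 s): fails at 10 s, passes at 20 s
    (0.0, "10.1.1.7", "192.0.2.10", 9091, "SYN"),
    (0.1, "192.0.2.10", "10.1.1.7", 9091, "SYN-ACK"),
    (15.0, "10.1.1.7", "192.0.2.10", 9091, "ACK"),
    # port 80: server never replies at all
    (0.0, "10.1.1.8", "192.0.2.10", 80, "SYN"),
]


def classify_handshakes(events, timeout=DEFAULT_TIMEOUT):
    """Return {(client, server, dport): summary}, where summary mirrors the
    firewall's log wording, e.g. 'SYN -> SYN-ACK -> Timeout'."""
    sessions = {}
    for ts, src, dst, dport, flag in sorted(events, key=lambda e: e[0]):
        if flag == "SYN":
            sessions[(src, dst, dport)] = {"syn": ts, "synack": None, "ack": None}
        elif flag == "SYN-ACK":  # server -> client, so the key is reversed
            s = sessions.get((dst, src, dport))
            if s is not None and s["synack"] is None:
                s["synack"] = ts
        elif flag == "ACK":
            s = sessions.get((src, dst, dport))
            if s is not None and s["synack"] is not None and s["ack"] is None:
                s["ack"] = ts
    result = {}
    for key, s in sessions.items():
        if s["synack"] is None:
            result[key] = "SYN -> Timeout"             # server never answered
        elif s["ack"] is None:
            result[key] = "SYN -> SYN-ACK -> Timeout"  # half-open; reset by SYNDefender
        elif s["ack"] - s["syn"] > timeout:
            result[key] = "SYN -> SYN-ACK -> RST"      # ACK came after the reset
        else:
            result[key] = "SYN -> SYN-ACK -> ACK"      # handshake completed
    return result
```

Comparing the output at timeout=10.0 and timeout=20.0 shows which sessions a longer SYNDefender timeout would rescue and which (like the 9090 case with no ACK at all) it cannot.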
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================