Matt,

You probably know this, but...

When you install a rulebase, the fw clears the state table.
Now, how it handles existing connections is the following,
with some exceptions. FW1 v4.0 will not re-establish
VPN/encrypted connections. v4.1 can (haven't tested, just
read it).

Briefly:
When a packet comes into the fw, it checks the state
table to see if this is an existing connection. If it's there,
the packet is allowed. If not (your case), the fw will check
the rulebase to see if it's allowed. If it is, it's added to the
state table and allowed. If the rulebase says no, then action
is taken (drop/reject).

If you haven't read Lance Spitzner's whitepaper on the fw1
state table, it's very interesting reading.

www.enteract.com/~lspitz 
www.phoneboy.com/fw1 is another to research for
connection issues.

Now, with that said, you're right, the firewall should add
this connection back to the state table. But I'm wondering
who is terminating the connection. What does the fw log
say happens to this connection(e.g. what happens to the
very next packet the firewall sees from this application) after
the rulebase is installed?

Found this on Haht's site: (might be wrapped)
http://www.haht.com/hahtcgi/hsrun.exe/Applications/HAHTkb_30/StateId/BNCwjJ2z6SM9N0KpdxcFO-fvVNq4y-UfKh/HAHTpage/HS_ArticleDisplay?ArticleId=19970218

How long does it take to compile & install the
rulebase? Timeout issue?

Robert

- -
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n   F o o d    S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
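The state-table walk described in the reply above (state table first, then the rulebase, then an entry added on accept) and the effect of a policy install wiping that table, as an added example that is not part of the original mail and is not FW-1 code. It is a toy model: the rule, the addresses and the port 8999 standing in for the Haht service are constructed, and the `strict_syn` switch is an assumption used to show the two possible fates of the very next packet after the install, the case Robert asks Matt to look for in the log.

```python
"""Toy stateful packet filter modelling the flow described in the mail.

Constructed example; not Check Point code. The addresses, the port and the
strict_syn option are assumptions made for illustration only.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True only for the connection-opening packet


@dataclass(frozen=True)
class Rule:
    dst: str
    dport: int
    action: str  # "accept", "drop" or "reject"


class Firewall:
    """State table consulted first; rulebase only for unknown connections."""

    def __init__(self, rules: List[Rule], strict_syn: bool = False) -> None:
        self.rules = list(rules)
        # Assumption for the demo: when True, a packet with no state entry may
        # only create one if it is a SYN; mid-stream packets are dropped.
        self.strict_syn = strict_syn
        self.state: set = set()
        self.log: List[str] = []

    @staticmethod
    def key(p: Packet) -> Tuple[str, int, str, int]:
        return (p.src, p.sport, p.dst, p.dport)

    def install_policy(self, rules: List[Rule]) -> None:
        """Installing a rulebase replaces the rules and clears the state table."""
        self.rules = list(rules)
        self.state.clear()
        self.log.append("policy installed; state table cleared")

    def handle(self, p: Packet) -> str:
        k = self.key(p)
        if k in self.state:  # existing connection: allowed without a rule lookup
            self.log.append(f"{k}: in state table -> accept")
            return "accept"
        if self.strict_syn and not p.syn:
            self.log.append(f"{k}: out-of-state non-SYN -> drop")
            return "drop"
        for r in self.rules:  # first matching rule wins
            if r.dst == p.dst and r.dport == p.dport:
                if r.action == "accept":
                    self.state.add(k)  # accepted: connection enters the table
                self.log.append(f"{k}: rule match -> {r.action}")
                return r.action
        self.log.append(f"{k}: no matching rule -> drop")
        return "drop"


def simulate(strict_syn: bool) -> Tuple[List, List[str]]:
    """Open a connection, reinstall the same policy, send the next data packet.

    Returns ([verdict for SYN, verdict for data, verdict for data after
    install, number of state entries afterwards], log lines).
    """
    rules = [Rule("10.0.0.5", 8999, "accept")]  # constructed: "Haht" service rule
    fw = Firewall(rules, strict_syn=strict_syn)
    syn = Packet("10.0.0.7", 40001, "10.0.0.5", 8999, syn=True)
    data = Packet("10.0.0.7", 40001, "10.0.0.5", 8999)
    results = [fw.handle(syn), fw.handle(data)]
    fw.install_policy(rules)  # identical ruleset, but the state is gone
    results.append(fw.handle(data))
    results.append(len(fw.state))
    return results, fw.log


if __name__ == "__main__":
    for mode in (False, True):
        verdicts, log = simulate(mode)
        print(f"strict_syn={mode}: {verdicts}")
        for line in log:
            print("  ", line)
```

With `strict_syn=False` the post-install data packet is re-matched against the rulebase, accepted, and the connection re-enters the state table, which is the behaviour the reply says should happen. With `strict_syn=True` that same packet is dropped because it is neither in the table nor a SYN, and the table stays empty; a firewall log showing that verdict for the first packet after the install would point at the firewall rather than at the application.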

>>> Matt Cramer <[EMAIL PROTECTED]> 8/11/00 11:32:49 AM >>>
>
>We are using a product called Haht, which is web-middleware.  I defined
>services for the Haht protocols using the ports that Haht specifies.
>Whenever I reinstall a new policy, even when I am not altering the ruleset
>referencing the Haht ports, the application loses its tcp connection.  So
>it seems like this protocol is not being written to the state table.  Is
>this a FW-1 problem, or a problem with the app's protocol?  If it is this
>Haht application, what are they doing incorrectly in their protocol so
>that it doesn't enter the state table correctly?
>
>Any help would be greatly appreciated.
>
>
>Matt
>
>--
>Matthew S. Cramer <[EMAIL PROTECTED]>               Office: 717-396-5032
>Lead Security Analyst                                    Fax:    717-396-5590
>Armstrong Information Technology Services                Pager:  888-769-9367
>Armstrong World Industries, Inc.                         Cell:   717-951-0141




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================