I have been noticing since I upgraded to 4.1 SP2 that my logs are getting a lot more of these rule 0 drops than I had ever seen before.

From what I understand, this happens because the firewall is receiving a TCP packet with the established bit set and it has no session information in its state tables to verify that this is a valid conversation. Is this something that just happens a lot with TCP conversations and nothing to be concerned about, or is this a symptom of some problem which I should pay closer attention to? The packets which are causing the rule 0 drop are invariably arriving at the outside interface.

I know I can prevent this from being logged, but I would rather make sure that I am not covering up a problem before I do this. My interfaces on all my routers look really clean, and the settings on the firewall properties for TCP session timeouts are set for 30 minutes.

Could this be a problem with my fw dropping its state table entries?
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
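The behaviour the question describes, as an added toy model (not Check Point's code or anything from the list): a packet with ACK set and no state-table entry is dropped as "rule 0", and an entry that ages out after the 30-minute TCP timeout produces exactly the same log line on the next packet. The rule names, the timeout and the sample addresses are assumptions.

```python
"""Toy stateful-inspection model showing why a TCP packet with ACK set but no
state-table entry is dropped as "rule 0", and how an idle timeout produces the
same log line. Added illustration, not Check Point's code: the 30-minute
timeout, the "rule0" label and the sample flows are assumptions from the post."""
from collections import namedtuple

SYN, ACK = 0x02, 0x10
Packet = namedtuple("Packet", "src dst sport dport flags")


class StatefulFirewall:
    def __init__(self, tcp_timeout=1800, allowed_ports=(80, 443)):
        self.tcp_timeout = tcp_timeout    # seconds; the post's 30-minute setting
        self.allowed_ports = set(allowed_ports)
        self.state = {}                   # connection key -> last-seen time

    @staticmethod
    def _key(p):
        # Direction-independent key so replies match the original session.
        return tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))

    def inspect(self, p, now):
        """Return (verdict, reason) for one packet seen at time `now` (seconds)."""
        key = self._key(p)
        last = self.state.get(key)
        if last is not None and now - last > self.tcp_timeout:
            del self.state[key]           # idle session aged out of the table
            last = None
        if last is not None:              # known session: accept without rulebase
            self.state[key] = now
            return ("accept", "state")
        if p.flags & SYN and not p.flags & ACK:
            # New connection: consult the rulebase (toy: inbound to allowed ports).
            if p.dport in self.allowed_ports:
                self.state[key] = now
                return ("accept", "rulebase")
            return ("drop", "rulebase")
        # Mid-stream packet (ACK set, no SYN) with no matching state: rule 0 drop.
        return ("drop", "rule0")


def demo():
    """Walk the scenario from the post: new session, idle timeout, stray ACK."""
    fw = StatefulFirewall()
    syn = Packet("203.0.113.5", "192.0.2.10", 40000, 80, SYN)
    ack = Packet("203.0.113.5", "192.0.2.10", 40000, 80, ACK)
    return [fw.inspect(syn, 0),                 # rulebase accept, state created
            fw.inspect(ack, 60),                # in-state accept
            fw.inspect(ack, 60 + 1801),         # idle > 30 min: aged out -> rule 0
            fw.inspect(ack._replace(sport=40001), 2000)]  # no SYN ever -> rule 0
```

In the model, the third and fourth verdicts are indistinguishable in the log, which is why correlating rule 0 drops against session idle time (or against the peer's own timeouts) is the useful check before suppressing them.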