Carl,
Have a look at http://www.phoneboy.com/fw1/faq/0408.html on this problem.
Cristian

"Carl E. Mankinen" wrote:
> 
> I have been noticing since I upgraded to 4.1 SP2 that my logs are getting
> a lot more of these rule 0 drops than I had ever seen before.
> From what I understand, this happens because the firewall is receiving a
> TCP packet with the established bit set and it has no session information
> in its state tables to verify that this is a valid conversation.
> 
> Is this something that just happens a lot with TCP conversations and
> nothing to be concerned about, or is this a symptom of some problem which
> I should pay closer attention to? The packets which are causing the rule 0
> drop are invariably arriving at the outside interface.
> 
> I know I can prevent this from being logged, but I would rather make sure
> that I am not covering up a problem before I do this. My interfaces on all
> my routers look really clean, and the settings on the firewall properties
> for TCP session timeouts are set for 30 minutes.
> 
> Could this be a problem with my fw dropping its state table entries?
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================

