Hi all,

We have just installed a Nokia/Checkpoint firewall internally for testing 
prior to real deployment, but we're having three fairly major problems:

1) A *HUGE* number of "unknown established TCP packet" errors logged 
(packets dropped with reason Rule 0).  The TCP connections this happens to 
include HTTP connections ("internal" net to "DMZ" net and DMZ to 
"external"), as well as telnet and SSH connections.  There is ABSOLUTELY, 
POSITIVELY no possibility that these are bad (bad as in "evil 
cracker-originated") packets attacking this system.

2) Connections hanging and dropping.  Again, this happens to telnet, SSH, 
and HTTP connections; they just stop responding, hanging for a few seconds, 
and then either resume, or simply hang forever.  I've started to call this 
the "narcoleptic router problem"....

3) Alerts of "too many hosts on internal net": we have a license for 25 
hosts, and the external.if file correctly points to the "external" 
interface, and FW-1 correctly reports the external interface as it starts at 
boot time.  I have removed fwd.h and fwd.hosts from the database directory, 
but this didn't help; it dropped the number of hosts back down to zero, but 
the "external" hosts reported once again began their relentless march upwards. 
When I get the "external" host addresses from /var/log/messages, I see 
that the IPs reported are all reached over the external.if interface: thus, 
I can't see why FW-1 thinks that these hosts are internal to begin with.  
Curiously, the IP lists in the "too many hosts" log messages always end with 
exactly ONE internal IP, and always a different internal IP.....

Any help would be *GREATLY* appreciated; this install is getting really 
behind schedule.....

Our FW-1 version is version 4.1 strong, SP2, IPSO 3.2, running on a Nokia 
IP330.  A curious thing I just noticed: at boot, we always get TWO messages 
in the log of "Only 25 hosts allowed" at the startup of FW-1; these messages 
are always back-to-back, and happen right at boot.

Thanks in advance!
-frank
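One way to check the claim in point 3 (that every host FW-1 counts against the license is actually reached over the external.if interface) is to resolve each reported IP against the box's own routing table and compare the egress interface with the name in external.if. The following is an added example, not code from the original post or from Check Point; the interface names, the `netstat -rn`-style routing table, and the syslog line format are all constructed for illustration, since the exact FW-1 message text is not shown above, and the script relies only on pulling dotted-quad addresses out of each line.

```python
import ipaddress
import re

# Added example (not from the original post). All inputs below are constructed:
# EXTERNAL_IF stands in for the contents of $FWDIR/conf/external.if,
# ROUTES mimics the destination/gateway/interface columns of `netstat -rn`
# (real IPSO output has more columns; only the first and third are used),
# and LOG_LINES mimic "too many hosts" syslog lines with a trailing IP list.
EXTERNAL_IF = "eth-s1p1c0"

ROUTES = """\
default         203.0.113.1   eth-s1p1c0
10.0.0.0/8      10.1.1.254    eth-s2p1c0
10.1.1.0/24     link#2        eth-s2p1c0
192.0.2.0/24    link#3        eth-s3p1c0
203.0.113.0/24  link#1        eth-s1p1c0
"""

LOG_LINES = [
    "Jan 10 12:00:01 fw1 fwd: Only 25 hosts allowed. "
    "Hosts: 198.51.100.7 198.51.100.9 203.0.113.40 10.1.1.23",
    "Jan 10 12:05:13 fw1 fwd: Only 25 hosts allowed. "
    "Hosts: 198.51.100.7 192.0.2.77 10.2.0.5",
]

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def parse_routes(text):
    """Return a list of (network, interface) sorted longest-prefix first."""
    table = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        dest, ifname = parts[0], parts[2]
        net = ipaddress.ip_network(
            "0.0.0.0/0" if dest == "default" else dest, strict=False)
        table.append((net, ifname))
    # Longest prefix must win, so sort descending by prefix length.
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table


def egress_interface(table, ip):
    """Longest-prefix match: which interface would this box use to reach ip?"""
    addr = ipaddress.ip_address(ip)
    for net, ifname in table:
        if addr in net:
            return ifname
    return None  # no route, not even a default


def classify_hosts(table, external_if, log_lines):
    """Map every IP found in the log lines to (egress interface, side)."""
    result = {}
    for line in log_lines:
        for ip in IP_RE.findall(line):
            ifname = egress_interface(table, ip)
            side = "external" if ifname == external_if else "internal"
            result[ip] = (ifname, side)
    return result


def internal_hosts(table, external_if, log_lines):
    """Sorted list of reported IPs that really are behind a non-external interface.

    Anything NOT in this list was counted by FW-1 even though the routing
    table says it is reached via external.if, which is the discrepancy to chase.
    """
    classified = classify_hosts(table, external_if, log_lines)
    return sorted(ip for ip, (_, side) in classified.items() if side == "internal")


if __name__ == "__main__":
    routes = parse_routes(ROUTES)
    for ip, (ifname, side) in sorted(classify_hosts(routes, EXTERNAL_IF, LOG_LINES).items()):
        print(f"{ip:16} via {ifname:12} -> {side}")
    print("genuinely internal:", internal_hosts(routes, EXTERNAL_IF, LOG_LINES))
```

Run it on the box with `netstat -rn` output pasted into ROUTES, the real external.if name in EXTERNAL_IF, and the relevant lines grepped out of /var/log/messages; the "external" entries in the report are the ones FW-1 should not be counting, and the interface column shows which interface each one is actually seen on.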
================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================