RE: [FW1] Action drop - Rule 0

Fri, 10 Nov 2000 00:26:10 -0800 


Hi,

I have the same problem that Stew explains , with a very large log with

"unknown established TCP packet"

and i comment the line in :

$FWDIR/lib/fwui_head.def:
#define NON_SYN_RULEBASE_MATCH_LOG

, then i restart the fw1 and apply config, but i see the same large log in 
fw1 ...

what is the problem ??

i don't know ...


Thanks,
Cuasi


At 22:59 09/11/00 -03-30, Hamlyn, Stewart wrote:

>Hi,
>
>Thanks for the quick response from everyone that replied. I made the
>following change and it improved the response time to my remote Exchange
>server Also not seeing ay dropped packets via Rule 0.
>
>Thanks,
>Stew
>
>-----Original Message-----
>From: Tom Sevy [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, November 09, 2000 10:26 PM
>To: 'Hamlyn, Stewart'
>Subject: RE: [FW1] Action drop - Rule 0
>
>We had to apply the fix from phoneboy because this was actually causing us
>to drop connections between our Internal lan and our DMZ lan.
>
>See http://www.phoneboy.com/fw1/faq/0408.html
>
>In our file, #define ALLOW_NON_SYN_RULEBASE_MATCH was commented out.  I
>removed the comment markers to enable it and it solved the problem.
>
>
>-----Original Message-----
>From: Hamlyn, Stewart [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, November 09, 2000 6:57 PM
>To: [EMAIL PROTECTED]
>Subject: [FW1] Action drop - Rule 0
>
>
>Hi,
>
>Checkpoint 2000 FW-1 SP2 on a SUN running Solaris 2.6.
>I'm seeing connections been dropped via firewall rule 0. Is this normal. The
>ports are at random and the source and destination are both to internal and
>external servers. Reason in log says unknown established TCP packet.
>
>
>Action               Rule      Product
>Info
>----------------------------------------------------------------------------
>----------------------------------
>drop                    0          VPN-1 & FireWall-1 Module         reason:
>unknown established TCP packet
>
>Thanks in advance,
>Stew
>
>
>================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>================================================================================ 
>



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to