RE: [FW1] drop on rule 0

Palmer, Kevin Tue, 21 Nov 2000 19:06:53 -0800

Brian,

Rule 0 covers implied rules configured in Policy, Properties. Most rule 0
configuration problems can be traced back to Policy, Properties, Security
Policy; Policy, Properties, SynDefender; and Anti-Spoofing defined in your
Firewall workstation object.

Which example below most closely matches what you are seeing in the log
viewer?

Ex. Action  Source  Destination  Rule  Info
A   Accept  User    Server       > 0
B   Drop    Server  User         0     Unknown established TCP packet
C   Drop    User    Server       0     Unknown established TCP packet

Are these drops causing problems for end-users? (You might expect a few
drops after pushing a new policy.)

Kevin Palmer 
Network Engineer - MCSE+I, CCSE
Granite Solutions, Inc. 
P: (877) 755-4455
P: (616) 324-8231 x26
F: (616) 324-5240 
http://www.gsite.com



-----Original Message-----
From: Brian Noecker [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 21, 2000 6:04 PM
To: 'Andrew Bagrin'; Brian Noecker;
[EMAIL PROTECTED]
Subject: RE: [FW1] drop on rule 0



reason: Unknown established TCP packet

-----Original Message-----
From: Andrew Bagrin [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 21, 2000 4:02 PM
To: Brian Noecker; [EMAIL PROTECTED]
Subject: Re: [FW1] drop on rule 0


what does the description say at the very end of the log?
Andrew Bagrin
Secure-1
865-803-2748
www.secure-1.com
----- Original Message -----
From: Brian Noecker <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, November 21, 2000 5:45 PM
Subject: [FW1] drop on rule 0


>
> Does anyone know why my log view shows me that attempts to access servers
> via certain tcp ports are being dropped via rule 0?
>
> The other entries reference actual rules in the rulebase, but there is no
> rule 0?
>
> Thanks,
> Brian
>
>
>
============================================================================
====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>
============================================================================
====



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
RE: [FW1] drop on rule 0

Reply via email to
