After upgrading FW-1 (Solaris) to the latest service pack (SP3 I believe),
I started getting *a lot* of drops with the message:
reason: unknown established TCP packet
Any idea why? I didn't change the timeouts (still 3600 seconds for TCP).
Note: the packets are almost always directed at our web proxy which is NATed
to an external address together with all other traffic. Can it be that there
is just to much traffic NATed on 1 external ip-address? (we have only 80 users
so traffic shouldn't be too heavy). Or are there other timeouts that apply
to NAT?
Nico
---------------------------------------------------------
"It has been said that there are only two businesses that
refer to customers as users: illegal drug trade and
the computer industry."
---------------------------------------------------------
Nico De Ranter
Sony Service Center (SDCE/NEE-B)
Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne)
1130 Brussel (Bruxelles), Belgium, Europe, Earth
Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86
e-mail: [EMAIL PROTECTED]
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
