RE: [FW1] Fw: unknown established tcp packet

Tue, 31 Jul 2001 11:27:00 -0700 


Hello all,

Thanks to Aylton Souza suggestion about running into this problem and 
finding duplicate entries in the objects.C file.

I looked at my objects.C and nearly all of the objects had duplicate 
entries, no doubt created when I tried to migrate this CMA.  I removed the 
duplicate entries from the objects.C and now all is well.

At 04:23 PM 7/26/01 -0400, Ray Lodato wrote:
>I ran into exactly the same situation when I upgraded to SP3. Check out 
><http://www.phoneboy.com/faq/0408.html>http://www.phoneboy.com/faq/0408.html. 
>As of SP3, the default is to drop packets for connections not in the 
>connection table. Prior to SP3, it would try to match up the connection 
>with an existing rule. The FAQ has you uncomment the line "#define 
>ALLOW_NON_SYN_RULEBASE_MATCH" in fwui_head.def, and re-push the policy.
>
>Now, if someone could tell me why the connections are falling out of the 
>connection table so soon, that would help.
>
>
>Ray Lodato
>NEF Information Services
>617-578-3197
>[EMAIL PROTECTED]
>-----Original Message-----
>From: Dorny [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, July 25, 2001 8:55 PM
>To: [EMAIL PROTECTED]
>Subject: [FW1] Fw: unknown established tcp packet
>
>Once again another e-mail titled unknown established tcp packet.  I have
>looked through the list but I was not able to find a definitive solution for
>this error.  Here is my problem after applying the latest check point
>service pack (SP4) I began seeing my logs fill up with dropped packets by
>rule 0 with the unknown TCP error.  Now I have customers telling me that
>they cannot ssh, run restores, ect through their firewalls which upon
>further investigation I noticed that all the packets were being dropped by
>rule 0.  I am also seeing lots of in-bound packet to customer web sites
>being dropped by rule 0 with the same error.  None of this was happening
>when I was at SP 1 or 2.  Anyone out there have a solution for this????
>
>--Richard Dornhart
>

MikeCC
http://atrek.org/mikecc



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to