
List:       firewall-1
Subject:    [FW-1] th_flag 2 message_info SYN packet for established connections?
From:       cisco4ng <cisco4ng () YAHOO ! COM>
Date:       2005-04-25 19:55:20
Message-ID: 20050425195520.51104.qmail () web52810 ! mail ! yahoo ! com

All,

I get this "drop" message when my web server machine (which is
located in the DMZ-1 network) makes an MS SQL connection to
an MS SQL Server machine (which is located in another DMZ-2
network).  I allow tcp/udp port 1433 and 1434 from DMZ-1 to
DMZ-2.  I looked at the Check Point SecureKnowledge base and
according to Check Point:

"The FireWall-1 NG FP3 Sequence Verifier mechanism is not activated.
In such a scenario the FireWall-1 is not tracking the "Sequence"
numbers on the connection's packets. Therefore "Reset" packets
are not fully trusted and any connection terminated in such a way
will pass to a 50 seconds "time out" table. During that time the
connection is still considered to be established. New attempts
to establish TCP connections using the same TCP details will
generate the above log."

it is telling me that Sequence Verifier is not enabled in
SmartDefense.  I went ahead and enabled this feature in
SmartDefense, pushed the policy, and I am still getting this
drop message and the application is still not working.
By the way, the SK states that this is supported in NG FP3.

I even used dbedit to reduce the "tcpendtimeout", at first from
50 seconds (default) to 10 seconds.  When that did not work,
I reduced the value to 0 seconds and it is still not working.
A colleague of mine told me that someone was able to get it
working in NG with AI R55w (I have not been able to confirm
this).

Has anyone gotten this to work in NG Feature Pack 3 with HFA-325?

Thanks



=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner@ts.checkpoint.com
=================================================
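The mechanism the quoted SK article describes can be made concrete with a small model of a stateful firewall's TCP connection table. The block below is an illustrative example added to this archive page; it is not Check Point code, and the table layout, the idle timeout, the 64 KiB acceptance window and the exact log string are assumptions. It replays the exchange from the post (web server in DMZ-1 opens TCP/1433 to the SQL server in DMZ-2, the connection is reset, and the client reuses the same source port a few seconds later) with the Sequence Verifier off, with it on, with the TCP end timeout lowered to 0, and with a RST whose sequence number is out of window. Addresses and sequence numbers are constructed.

```python
"""Toy model of why an untrusted RST leaves a connection-table entry alive
and makes a fresh SYN for the same 4-tuple look like a SYN on an
established connection.  Illustrative only; not the product's own logic."""
from dataclasses import dataclass

ESTABLISHED = "established"
TCP_END = "tcp_end"          # reset/finished but not yet trusted, entry kept for a grace period


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str               # TCP flag letters: "S" SYN, "A" ACK, "R" RST, "F" FIN
    seq: int = 0             # sequence number; only the client->server side is tracked here
    payload_len: int = 0
    ts: float = 0.0          # arrival time in seconds


class ConnTable:
    def __init__(self, sequence_verifier: bool, tcp_end_timeout: float = 50.0,
                 idle_timeout: float = 3600.0, window: int = 65535):
        self.sequence_verifier = sequence_verifier
        self.tcp_end_timeout = tcp_end_timeout   # the "tcpendtimeout" knob from the post
        self.idle_timeout = idle_timeout         # assumed idle timeout for established flows
        self.window = window                     # assumed acceptance window for seq checks
        self.entries = {}                        # 4-tuple -> {"state", "expires", "next_seq"}
        self.log = []

    @staticmethod
    def key(p: Packet):
        return (p.src, p.sport, p.dst, p.dport)

    def _expire(self, now: float) -> None:
        for k in [k for k, e in self.entries.items() if e["expires"] <= now]:
            del self.entries[k]

    def _in_window(self, seq: int, e: dict) -> bool:
        # seq must fall within [next_seq, next_seq + window), modulo 2^32
        return (seq - e["next_seq"]) % (1 << 32) < self.window

    def process(self, p: Packet) -> str:
        self._expire(p.ts)
        k = self.key(p)
        e = self.entries.get(k)
        if "S" in p.flags and "A" not in p.flags:          # bare SYN: new connection attempt
            if e is not None:
                # an entry (established or in its end-timeout window) still owns this 4-tuple
                self.log.append(f"drop {k}: SYN packet for established connections ({e['state']})")
                return "drop"
            # rulebase lookup elided: the SYN is assumed to match an accept rule
            self.entries[k] = {"state": ESTABLISHED, "expires": p.ts + self.idle_timeout,
                               "next_seq": p.seq + 1}
            return "accept"
        if e is None:
            self.log.append(f"drop {k}: no matching connection")
            return "drop"
        if "R" in p.flags:
            if self.sequence_verifier:
                if not self._in_window(p.seq, e):
                    self.log.append(f"drop {k}: RST sequence number out of window")
                    return "drop"
                del self.entries[k]                        # trusted RST: tear down immediately
                return "accept"
            # no verifier: the RST could be forged, so the entry lingers for tcp_end_timeout
            e["state"] = TCP_END
            e["expires"] = p.ts + self.tcp_end_timeout
            return "accept"
        if e["state"] == ESTABLISHED:                      # ordinary segment: advance expectations
            e["next_seq"] = p.seq + p.payload_len
            e["expires"] = p.ts + self.idle_timeout
        return "accept"


def scenario(sequence_verifier: bool, tcp_end_timeout: float = 50.0, rst_seq: int = None):
    """Replay the post's exchange; returns the per-packet verdicts and the drop log."""
    web, sql = "10.1.1.10", "10.2.2.20"                    # constructed DMZ-1 / DMZ-2 addresses
    tbl = ConnTable(sequence_verifier, tcp_end_timeout)
    syn = Packet(web, 3456, sql, 1433, "S", seq=1000, ts=0.0)
    data = Packet(web, 3456, sql, 1433, "A", seq=1001, payload_len=100, ts=1.0)
    rst = Packet(web, 3456, sql, 1433, "R", seq=1101 if rst_seq is None else rst_seq, ts=2.0)
    syn2 = Packet(web, 3456, sql, 1433, "S", seq=5000, ts=5.0)   # same source port reused 3 s later
    verdicts = [tbl.process(p) for p in (syn, data, rst, syn2)]
    return verdicts, tbl.log


if __name__ == "__main__":
    for label, kwargs in [("verifier off", {"sequence_verifier": False}),
                          ("verifier on", {"sequence_verifier": True}),
                          ("verifier off, tcpendtimeout=0", {"sequence_verifier": False, "tcp_end_timeout": 0.0}),
                          ("verifier on, forged RST", {"sequence_verifier": True, "rst_seq": 999_999})]:
        print(label, *scenario(**kwargs))
```

With the verifier off, the second SYN is dropped and logged because the entry is still in its end-timeout window; with it on, the in-window RST tears the entry down at once and the reused port is accepted. Lowering the end timeout to 0 also clears the entry in this model, so if that change has no visible effect on a real gateway, the first thing to check is whether the new value actually reached the enforcement point after the policy push, and whether the drop is coming from the same 4-tuple the model assumes.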