This is probably not a problem on you FW. It's on your client trying to do the HTTP connection. I have seen this on several HP-UX boxes. They always seem to send a ICMP packet before they start other sessions.
> -----Original Message----- > From: Mailing list for discussion of Firewall-1 > [mailto:[EMAIL PROTECTED] Behalf > Of Erik A. > Widholm > Sent: 27. oktober 2004 14:31 > To: [EMAIL PROTECTED] > Subject: Re: [FW-1] Cannot connect until after ping > > > Additional details: > > > The switch's perspective (monitor port, using Ethereal 0.10.7): > 1 0.00000 66.185.250.1 -> portfolio.moody.edu HTTP C port=2521 > 2 2.99032 66.185.250.1 -> portfolio.moody.edu HTTP C port=2521 > 3 5.93445 66.185.250.1 -> portfolio.moody.edu HTTP C port=2521 > 4 20.52164 66.185.250.1 -> portfolio.moody.edu HTTP C port=2531 > 5 3.01498 66.185.250.1 -> portfolio.moody.edu HTTP C port=2531 > 6 5.26413 66.185.250.1 -> portfolio.moody.edu ICMP Echo > request (ID: 512 Sequence number: 62977) > 7 0.00000 portfolio.moody.edu -> 66.185.250.1 ICMP Echo > reply (ID: 512 Sequence number: 62977) > 8 0.77089 66.185.250.1 -> portfolio.moody.edu HTTP C port=2531 > 9 0.00082 portfolio.moody.edu -> 66.185.250.1 HTTP R port=2531 > 10 0.00015 66.185.250.1 -> portfolio.moody.edu HTTP C port=2531 > > FW1's perspective (fw monitor): > 1 0.00000 66.185.250.1 -> portfolio.moody.edu ICMP Echo > request (ID: 512 Sequence number: 62977) > 2 0.00011 66.185.250.1 -> portfolio.moody.edu ICMP Echo > request (ID: 512 Sequence number: 62977) > 3 0.00001 66.185.250.1 -> portfolio.moody.edu ICMP Echo > request (ID: 512 Sequence number: 62977) > 4 0.00002 66.185.250.1 -> portfolio.moody.edu ICMP Echo > request (ID: 512 Sequence number: 62977) > 5 0.00046 portfolio.moody.edu -> 66.185.250.1 ICMP Echo > reply (ID: 512 Sequence number: 62977) > 6 0.00003 portfolio.moody.edu -> 66.185.250.1 ICMP Echo > reply (ID: 512 Sequence number: 62977) > 7 0.00001 portfolio.moody.edu -> 66.185.250.1 ICMP Echo > reply (ID: 512 Sequence number: 62977) > 8 0.00001 portfolio.moody.edu -> 66.185.250.1 ICMP Echo > reply (ID: 512 Sequence number: 62977) > 9 0.77262 66.185.250.1 -> portfolio.moody.edu HTTP C port=2531 > 10 0.00019 66.185.250.1 -> portfolio.moody.edu HTTP C port=2531 > > You will notice that FW1 doesn't even see the connection > until after the ICMP has started! Look at the port numbers of > the http request... > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
