Not gonna be easy at this time, But shall schedule in a test env. Cheers
-----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Bhavin Gandhi Sent: Friday, 13 January 2006 2:59 PM To: [email protected] Subject: Re: [FW-1] TCP packet out of state Would it possible for u to change from tradi to simplified mode on the standalone box.... cheers... -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] Behalf Of Manjula Kularathne Sent: Thursday, January 12, 2006 4:29 AM To: [email protected] Subject: Re: [FW-1] TCP packet out of state My setup is bit peculiar, Where the Nokia cluster in simplified mode and the standalone Nokia in the traditional mode. Pre-share keys are selected in both. How can I test the site-to-site vpn is functioning between these two? (i.e simplified mode and traditional mode) ? -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Bhavin Gandhi Sent: Wednesday, 11 January 2006 3:53 PM To: [email protected] Subject: Re: [FW-1] TCP packet out of state I hope u have added both the firewall obj's in the VPN community at both the ends. Also check the networks exchanged during quick mode completion. Cheers, BG -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] Behalf Of Manjula Kularathne Sent: Wednesday, January 11, 2006 7:57 AM To: [email protected] Subject: [FW-1] TCP packet out of state Gents, I've one NOKIA IPSO 3.9 cluster (vrrp) and another single NOKIA IPSO 3.9. I'm unable to establish any TCP connection from/to any VLAN behind both FWs. Logs says connection accept and sometimes return with "TCP packet out of state: First packet isn't SYN tcp_flags: RST" But, I can establish TCP connections behind from any other Checkpoint FWs (e.g Solaris) to both vlans behind both Nokia boxes. Am sure everyone must have come across this error many times. According to the ClusterXL PDF... Some applications close connections with a RST packet (in order to reuse ports). To solve the problem, enable this behaviour to specific ports or to all ports. For example, run the command: fw ctl set -1 fw_trust_rst_on_port <port> Which means that VPN-1 Pro should trust a RST coming from every port, in case a single port is not enough. I haven't run the above command yet. Is there anyone could advice further on this command/issue, Any one with experiencing solving above issue by running the command or any other way? If it's above the solution, where do I run the command? In the cluster or in both ? Thanks in advance -mink ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
