Hello again,

We isolated the problem relating to the dropped unknown TCP packet.  I am 
aware of how 4.1 SP2 works differently and the ability to turn off logging 
of these drops.  The issue however was that these particular sessions 
should not have been unknown.

What happened was that I was actually passing through two sets of firewalls 
(both VRRP pairs) and my dropped packet message was not coming from the 
firewalls immediately before the server but from the ones closest to my 
workstation.  And due to incorrectly configured routes the return packets 
were actually trying to go through the secondary firewall in the pair 
closest to my workstation.

But that raises a question, these firewalls are state synchronized, so why 
didn't the return packet go through?  Apparently because these firewalls 
use flows and therefore I wasn't going through the rule base but the OS 
session tables.

So does that mean that state-synchronized firewalls do not share the state 
of TCP sessions which are being handled by flows?

MikeCC
http://atrek.org/mikecc
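The scenario in the message above, as an added toy model that is not part of the original post and is not Check Point or Nokia IPSO code: two VRRP pairs, a SYN that builds state on the primaries, and a reply that is mis-routed through the secondary of the pair nearest the workstation. Host addresses, firewall names, the connection-table behaviour and the log text are all constructed assumptions; the model does not claim to reproduce how FireWall-1 4.1 SP2 or IPSO flows actually synchronise state. It only shows why a mid-stream packet that reaches a firewall with no matching table entry is dropped as an "unknown" TCP packet, and how sharing the table between the pair changes the outcome.

```python
"""Toy model of stateful TCP inspection across two VRRP firewall pairs.

Added illustration (assumption-based), not vendor code: a firewall accepts a
connection-opening SYN and records it, accepts any later packet whose 4-tuple
is already in its table, and drops everything else as an unknown TCP packet.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn_only: bool = False  # True only for the client's initial SYN (no ACK)

    def key(self):
        # Direction-independent 4-tuple so the reply matches the same entry.
        return tuple(sorted(((self.src, self.sport), (self.dst, self.dport))))


@dataclass
class Firewall:
    name: str
    table: set = field(default_factory=set)   # hypothetical connection table
    log: list = field(default_factory=list)   # constructed drop log

    def inspect(self, pkt):
        """Accept a SYN (creating state) or a known connection; else drop and log."""
        if pkt.syn_only:
            self.table.add(pkt.key())
            return True
        if pkt.key() in self.table:
            return True
        self.log.append(
            f"{self.name}: drop unknown TCP packet "
            f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}"
        )
        return False


class Pair:
    """Two firewalls forming a VRRP pair; sync=True copies new state to the peer."""

    def __init__(self, name, sync):
        self.primary = Firewall(name + "-primary")
        self.secondary = Firewall(name + "-secondary")
        self.sync = sync

    def inspect(self, pkt, member):
        fw = self.primary if member == "primary" else self.secondary
        accepted = fw.inspect(pkt)
        if accepted and self.sync:
            peer = self.secondary if fw is self.primary else self.primary
            peer.table.add(pkt.key())  # state synchronisation, as modelled here
        return accepted


def run_session(sync_near, return_member_near):
    """Send a SYN workstation -> server through both pairs' primaries, then the
    server's reply back through the far primary and the chosen member of the
    near pair. Returns (forward_ok, reply_ok, combined drop log)."""
    near = Pair("near", sync_near)   # pair closest to the workstation
    far = Pair("far", True)          # pair immediately in front of the server
    syn = Packet("10.0.0.5", 40000, "10.9.9.80", 80, syn_only=True)   # constructed
    reply = Packet("10.9.9.80", 80, "10.0.0.5", 40000)                # SYN-ACK back
    forward_ok = near.inspect(syn, "primary") and far.inspect(syn, "primary")
    reply_ok = far.inspect(reply, "primary") and near.inspect(reply, return_member_near)
    log = near.primary.log + near.secondary.log + far.primary.log + far.secondary.log
    return forward_ok, reply_ok, log


if __name__ == "__main__":
    # Correct routes: reply returns through the same primary that saw the SYN.
    print(run_session(sync_near=False, return_member_near="primary"))
    # Bad route, no shared state: the near secondary has never seen this session.
    print(run_session(sync_near=False, return_member_near="secondary"))
    # Bad route, but the pair shares its table: the reply is accepted.
    print(run_session(sync_near=True, return_member_near="secondary"))
```

The second run reproduces the symptom in the message: the only drop comes from the near-side secondary, not from the pair in front of the server, because that member holds no entry for a session it never saw opened. The third run is what the poster expected from a synchronised pair; whether a given product shares state for accelerated (flow-handled) sessions is exactly the open question above, and this model does not answer it.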



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
