Hi,
We are running FW-1 4.1 SP 2 on a Nokia 330. We have a problem with our
users losing their ssh sessions when ssh'ing in to a server behind the
firewall. Usually their session just freezes up and they have to start over.
I looked in the logs and found this error: unknown established TCP packet
So I did a search on phoneboy.com and found what seems to be a remedy for
this problem (posted at the bottom).
My question is this: Has anyone else had similar issues with
secureshell and FW1? If so, did this remedy help you? I would normally
search the archives for this sort of thing, but I don't think that this
mailing list has a searchable archive that I am aware of.
Thanks,
Rich
============================================================================
HERE IS THE REMEDY TO THE PROBLEM
============================================================================
unknown established TCP packet
Q:
I see the following messages over and over in my logs with a drop on rule 0:
unknown established TCP packet
A:
FireWall-1 has significantly changed how it deals with established TCP
connections. Whereas FireWall-1 versions prior to 4.1 SP2 used to try and
recover TCP connections for which it did not have a connections table
entry, it now simply drops these packets on the floor on rule 0 with this
error message. Earlier versions would also drop these packets and display
this message (or unknown reason code:12), but only after an attempt at
recovering the connection failed. In 4.1, you can revert to the old
behaviour by adding the following to $FWDIR/lib/fwui_head.def:
#define ALLOW_NON_SYN_RULEBASE_MATCH
You can disable logging of these packets in FireWall-1 4.1 base or 4.1 SP1
by commenting out the following line in $FWDIR/lib/fwui_head.def
(place two forward slashes '//' in front of the line).
#define CLUSTER_RULEBASE_MATCH_LOG
In FireWall-1 4.1 SP2 and later, you would comment out the following line
in $FWDIR/lib/fwui_head.def:
#define NON_SYN_RULEBASE_MATCH_LOG
If you see this message on a 4.0 installation, follow the instructions for
unknown reason code:12
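Before changing fwui_head.def as the FAQ above suggests, it helps to confirm that the rule-0 drops really line up with the frozen ssh sessions. The script below is an added example, not part of Rich's post or the phoneboy.com FAQ: it filters constructed, simplified drop records for the exact message quoted above and counts them by destination port and by repeated flow. The line layout and field names (src, dst, sport, dport, reason) are assumptions for illustration, not the real FireWall-1 log export format.

```python
"""Triage helper for 'unknown established TCP packet' rule-0 drops.

Added example, not code from the original post or the FAQ it quotes.
The log line layout is a constructed, simplified text export and is an
assumption, not the real FireWall-1 log format; field names are hypothetical.
"""
import re
from collections import Counter

# Constructed sample lines: rule-0 drops carrying the message from the post,
# plus an accept and an ordinary rule drop so the filter has lines to ignore.
SAMPLE_LOG = """\
10:01:02 drop 0 tcp src=10.1.1.5 dst=192.168.5.20 sport=51000 dport=22 reason=unknown established TCP packet
10:01:03 accept 5 tcp src=10.1.1.6 dst=192.168.5.30 sport=51001 dport=443
10:02:10 drop 0 tcp src=10.1.1.5 dst=192.168.5.20 sport=51000 dport=22 reason=unknown established TCP packet
10:03:11 drop 0 tcp src=10.1.1.9 dst=192.168.5.21 sport=51009 dport=22 reason=unknown established TCP packet
10:03:12 drop 0 tcp src=10.1.1.7 dst=192.168.5.40 sport=51011 dport=80 reason=unknown established TCP packet
10:04:00 drop 7 tcp src=10.1.1.8 dst=192.168.5.40 sport=51012 dport=23 reason=rule
"""

LINE_RE = re.compile(
    r"^(?P<time>\S+) (?P<action>\S+) (?P<rule>\d+) tcp "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) sport=(?P<sport>\d+) dport=(?P<dport>\d+)"
    r"(?: reason=(?P<reason>.*))?$"
)

# The exact text the firewall logs for the drop discussed in the post.
MESSAGE = "unknown established TCP packet"


def parse_lines(text):
    """Yield one dict per parseable line; lines that do not match are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def unknown_established_drops(text):
    """Return only rule-0 drops that carry the message from the post."""
    return [
        rec for rec in parse_lines(text)
        if rec["action"] == "drop" and rec["rule"] == "0" and rec["reason"] == MESSAGE
    ]


def summarize(text):
    """Count matching drops by destination port and by (src, dst, dport) flow.

    A flow that repeats means the same session keeps being dropped, which is
    what the 'session freezes up' symptom in the post would look like in the log.
    """
    drops = unknown_established_drops(text)
    by_port = Counter(rec["dport"] for rec in drops)
    by_flow = Counter((rec["src"], rec["dst"], rec["dport"]) for rec in drops)
    return {"total": len(drops), "by_port": dict(by_port), "by_flow": dict(by_flow)}


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print(f"{result['total']} rule-0 drops with '{MESSAGE}'")
    for port, n in sorted(result["by_port"].items(), key=lambda kv: -kv[1]):
        print(f"  dport {port}: {n}")
    for flow, n in result["by_flow"].items():
        if n > 1:
            print(f"  repeated flow {flow}: {n} drops")
```

On the constructed sample, three of the four matching drops are to port 22 and one flow repeats, which is the pattern you would expect if the FAQ's explanation applies to the ssh problem; if the drops were spread across unrelated ports and hosts, the fwui_head.def change would be addressing a different symptom.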
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================