This is just a wild guess, but are you running on Nokia IPSO with Flows
enabled? If so, perhaps your problem could be related to this one:
http://www.securityportal.com/list-archive/fw1/2001/Jun/0391.html
-m
----- Original Message -----
From: Ray Lodato
I ran into exactly the same situation when I upgraded to SP3. Check out
http://www.phoneboy.com/faq/0408.html. As of SP3, the default is to drop
packets for connections not in the connection table. Prior to SP3, it
would try to match up the connection with an existing rule. The FAQ has
you uncomment the line "#define ALLOW_NON_SYN_RULEBASE_MATCH" in
fwui_head.def, and re-push the policy.
Now, if someone could tell me why the connections are falling out of the
connection table so soon, that would help.
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
