Hi Mike,
I'm happy that it solved the issue! The first time I ran into that I could
not believe that the duplicate objects had something to do with that, but as
soon I got it working I figured out that it was the case...
Best regards and good luck,
Aylton
----- Original Message -----
From: "MikeCC" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, July 30, 2001 10:42 PM
Subject: RE: [FW1] Fw: unknown established tcp packet
>
> Hello all,
>
> Thanks to Aylton Souza suggestion about running into this problem and
> finding duplicate entries in the objects.C file.
>
> I looked at my objects.C and nearly all of the objects had duplicate
> entries, no doubt created when I tried to migrate this CMA. I removed the
> duplicate entries from the objects.C and now all is well.
>
> At 04:23 PM 7/26/01 -0400, Ray Lodato wrote:
> >I ran into exactly the same situation when I upgraded to SP3. Check out
>
><http://www.phoneboy.com/faq/0408.html>http://www.phoneboy.com/faq/0408.htm
l.
> >As of SP3, the default is to drop packets for connections not in the
> >connection table. Prior to SP3, it would try to match up the connection
> >with an existing rule. The FAQ has you uncomment the line "#define
> >ALLOW_NON_SYN_RULEBASE_MATCH" in fwui_head.def, and re-push the policy.
> >
> >Now, if someone could tell me why the connections are falling out of the
> >connection table so soon, that would help.
> >
> >
> >Ray Lodato
> >NEF Information Services
> >617-578-3197
> >[EMAIL PROTECTED]
> >-----Original Message-----
> >From: Dorny [mailto:[EMAIL PROTECTED]]
> >Sent: Wednesday, July 25, 2001 8:55 PM
> >To: [EMAIL PROTECTED]
> >Subject: [FW1] Fw: unknown established tcp packet
> >
> >Once again another e-mail titled unknown established tcp packet. I have
> >looked through the list but I was not able to find a definitive solution
for
> >this error. Here is my problem after applying the latest check point
> >service pack (SP4) I began seeing my logs fill up with dropped packets by
> >rule 0 with the unknown TCP error. Now I have customers telling me that
> >they cannot ssh, run restores, ect through their firewalls which upon
> >further investigation I noticed that all the packets were being dropped
by
> >rule 0. I am also seeing lots of in-bound packet to customer web sites
> >being dropped by rule 0 with the same error. None of this was happening
> >when I was at SP 1 or 2. Anyone out there have a solution for this????
> >
> >--Richard Dornhart
> >
>
> MikeCC
> http://atrek.org/mikecc
>
>
>
>
============================================================================
====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>
============================================================================
====
>
>
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
