If this type of traffic is legitimate, you can try this.
Modify the user.def file on the management station and
enter the following line:
deffunc user_accept_non_syn() { (src=x.x.x.x, dst=y.y.y.y) };
or if it's always the same port
deffunc user_accept_non_syn() { dport = xx };
or you can try this if on a Nokia platform
modzap fw_reuse_established_conn $FWDIR/boot/modules/fwmod.o <port>
modzap fw_accept_syn_rst $FWDIR/boot/modules/fwmod.o <port>
Good luck
--- Haris Klitiropoulos <hkli AT SPACE DOT GR> wrote:
> Hello,
>
> it is not a matter of speed or lack of it, so
> increasing the timeout
> won't fix it. According to the message you get on
> your log, you have an
> already established connection (the 3-way handshake
> for that session has
> been completed). Your firewall intercepts a packet
> of that session that
> has SYN flag enabled and drops it. Packets with the
> SYN flag enabled are
> used only during the initialisation of the TCP
> session and never during
> an already established session. You should check why
> these packets
> appear in the first place. It shouldn't be the
> firewall's fault.
>
> Cihan Subasi (Garanti Teknoloji) wrote:
>
> >Hi,
> >
> >I am getting the message in the subject field (th_flags 2
> >message_info SYN for established connection) for some of our
> >clients, after doing a quick research I found out that those are
> >mostly GPRS customers (and I guess they are slower than usual), as
> >a solution to that, would it be enough to play with "tcpendtimeout"
> >using dbedit or there are other things that I need to do? Thanks
> >
>
> >***********************************************************
> >Cihan SUBASI
> >Garanti Technology
> >Internet ve Yazilim Hizmetleri
> >Tel:(90)(212)4783426 GSM:(90)(533)(2750353)
> >Fax:(90)(212)6576150
> >http://www.garantitechnology.com <http://www.garantitechnology.com/>
> >mailto:cihans AT garanti.com DOT tr
> >***********************************************************
> >
> >=================================================
> >To set vacation, Out-Of-Office, or away messages,
> >send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> >in the BODY of the email add:
> >set fw-1-mailinglist nomail
> >=================================================
> >To unsubscribe from this mailing list,
> >please see the instructions at
> >http://www.checkpoint.com/services/mailing.html
> >=================================================
> >If you have any questions on how to change your
> >subscription options, email
> >fw-1-owner AT ts.checkpoint DOT com
> >=================================================
> >
> >
> >
>
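Added example, not part of the original thread and not Check Point's code: a minimal connection-state tracker that reproduces the condition Haris describes (a bare SYN arriving for a 5-tuple whose handshake has already completed) and reports how long the existing session had been idle, as a starting point for checking why such packets appear. The packet records, addresses and the idle_timeout parameter are constructed for illustration.

```python
from collections import namedtuple

# flags is a set of TCP flag letters: "S" SYN, "A" ACK, "F" FIN, "R" RST
Pkt = namedtuple("Pkt", "ts src sport dst dport flags")

def conn_key(p):
    """Same key for both directions of a connection."""
    return tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))

def inspect(packets, idle_timeout=3600):
    """Return (verdicts, findings); one 'accept'/'drop' verdict per packet."""
    table, verdicts, findings = {}, [], []
    for p in packets:
        k = conn_key(p)
        entry = table.get(k)
        if entry and p.ts - entry["last"] > idle_timeout:
            del table[k]                  # idle entry has expired
            entry = None
        syn_only = p.flags == {"S"}
        if entry is None:
            if syn_only:                  # only a bare SYN may create state
                table[k] = {"state": "SYN_SENT", "last": p.ts}
            verdicts.append("accept" if syn_only else "drop")
            continue
        if syn_only and entry["state"] == "ESTABLISHED":
            # The condition logged as "SYN for established connection".
            verdicts.append("drop")
            findings.append({"conn": k, "idle": p.ts - entry["last"]})
            continue
        if entry["state"] == "SYN_SENT" and p.flags == {"S", "A"}:
            entry["state"] = "SYN_RCVD"
        elif entry["state"] == "SYN_RCVD" and p.flags == {"A"}:
            entry["state"] = "ESTABLISHED"
        entry["last"] = p.ts
        if p.flags & {"F", "R"}:
            del table[k]                  # simplification: no end-timeout hold
        verdicts.append("accept")
    return verdicts, findings

def handshake(t, c, s):
    """Constructed 3-way handshake between client c and server s."""
    return [Pkt(t, *c, *s, {"S"}), Pkt(t + 1, *s, *c, {"S", "A"}),
            Pkt(t + 2, *c, *s, {"A"})]

# Constructed sample traffic (documentation address ranges).
A, B, SRV = ("198.51.100.7", 40000), ("198.51.100.8", 40001), ("192.0.2.10", 443)
SAMPLE = (handshake(0, A, SRV) + handshake(10, B, SRV)
          + [Pkt(20, *B, *SRV, {"F", "A"}),   # B closes its session
             Pkt(30, *B, *SRV, {"S"}),        # B reconnects after close
             Pkt(300, *A, *SRV, {"S"})])      # A sends SYN, old session still open
```

Client A never closed its session, so its second SYN is dropped with an idle time of 298 seconds; client B closed first and its new SYN creates fresh state.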