Re: [FW-1] NG AI and DNS drops

Subject:	Re: [FW-1] NG AI and DNS drops
From:	Aaron.Reynolds AT FRANKLINCOVEY DOT COM
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Wed, 30 Jul 2003 10:16:29 -0600

What is the error it is dropping on?  Is it a SmartDefense rule?

-----Original Message-----
From: Edwin Davidson [mailto:EDavidson AT PRIMEINC DOT COM]
Sent: Wednesday, July 30, 2003 8:29 AM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] NG AI and DNS drops

Since upgrading a Checkpoint FW1 4.1SP6 to NG AI I've noticed that AI drops
a lot more DNS traffic.

It is coming from the rule that blocks traffic w/a destination of the
firewall.  I assume my NATed DNS servers have made a request to these
dropped servers, but the UDP reply is taking too long to get back to the DNS
server.

UDP Virtual session timeout is set to 40 seconds.
Should I try increasing this?  After 40 seconds, I am
sure the DNS server has given waiting for a response - so
this probably wouldn't help.

I don't have UDP protocol enforcement enabled at the moment,
so that's not it.

Ideas?

Thanks!

Edwin Davidson

http://www.primeinc.com
**********************************************************************
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please reply to the sender of the
message.

The views expressed in this correspondence may not
reflect the views of Prime, Inc.

This footnote also confirms that this email message has
been scanned for the presence of computer viruses.
**********************************************************************

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [FW-1] NG AI and DNS drops, Aaron . Reynolds <= Re: [FW-1] NG AI and DNS drops, Edwin Davidson Re: [FW-1] NG AI and DNS drops, Aaron . Reynolds Re: [FW-1] NG AI and DNS drops, Edwin Davidson Re: [FW-1] NG AI and DNS drops, Crist Clark Re: [FW-1] NG AI and DNS drops, Edwin Davidson Re: [FW-1] NG AI and DNS drops, Crist Clark Re: [FW-1] NG AI and DNS drops, Edwin Davidson

Previous by Date:	[FW-1] fw putkey how to remove?, Denis Garon
Next by Date:	[FW-1] Smart Defense "Small PMTU" attack, Misha Alikov
Previous by Thread:	[FW-1] fw putkey how to remove?, Denis Garon
Next by Thread:	Re: [FW-1] NG AI and DNS drops, Edwin Davidson
Indexes:	[Date] [Thread] [Top] [All Lists]