Firewall-1

Re: [FW-1] odd error

Subject: Re: [FW-1] odd error
From: Chris Hoff <choff AT CORNERSTONESECURITY DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Fri, 28 May 2004 14:23:30 -0500
This has to do with how Check Point handles fragmented packets. As we
all know, Check Point is a Stateful Inspection firewall. As part of
being a Stateful firewall, it reassembles fragmented packets before
making decisions about them. This particular error is because it did not
get all the fragmented packets for the original packet within the
correct amount of time - thus the timeout. There are resolutions in both
Check Point's Secureknowledge database and Nokia's database that deal
with how to increase the timeout. If you are only seeing this
sporadically, I would not worry about it. However, if it is frequently
showing up on known good traffic, you might need to increase the
timeouts. You should be able to find the articles by simply searching
for Virtual defragmentation error.

Regards,

Chris

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Mike
Singleton
Sent: Tuesday, May 25, 2004 2:34 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] odd error

anyone seen this before? Checkpoint Secure NG w/AI build 289

Number:       77442
Date:            25May2004
Time:            11:18:13
Product:        VPN-1 & FireWall-1
Interface:      eth0
Origin:          fw1 (65.106.xxx.xxx)
Type:            Log
Action:          Drop
Protocol:       ipv6-crypt
Source:         fw2 (xxx.xxx.xxx.xxx)
Destination:  fw1 (65.106.xxx.xxx)
Information:  message: Virtual defragmentation error: Timeout
                     ip_id: 28061
                     ip_len: 0
                     ip_offset: 0
                     fragments_dropped: 1
                     during_sec: 60



Mike Singleton
Systems Administrator
Quorum Review, Inc.
msingleton AT quorumreview DOT com
206-902-3318
http://www.quorumreview.com <http://www.quorumreview.com/>



=================================================
To set vacation, Out-Of-Office, or away messages, send an email to
LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options,
email fw-1-owner AT ts.checkpoint DOT com
=================================================
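
Added example, not part of the original thread or of any Check Point tooling: a small Python triage that tallies "Virtual defragmentation error: Timeout" drops per source/destination pair, to separate the sporadic case from the frequent one described in the reply. It assumes records exported in the "Field: value" layout of the entry quoted above, separated by blank lines; the sample records, `hostB` and the threshold of 3 are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the "Field: value" layout of the entry quoted in this
# thread; hostB, the times and the counts are made up for the example.
SAMPLE = """\
Time: 11:18:13
Source: fw2
Destination: fw1
Information: message: Virtual defragmentation error: Timeout
    fragments_dropped: 1

Time: 11:19:40
Source: fw2
Destination: fw1
Information: message: Virtual defragmentation error: Timeout
    fragments_dropped: 2

Time: 11:20:02
Source: hostB
Destination: fw1
Information: message: Virtual defragmentation error: Timeout
    fragments_dropped: 1
"""
TIMEOUT = "message: Virtual defragmentation error: Timeout"

def parse_records(text):
    """Split blank-line-separated records into dicts of field -> value."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.strip().partition(":")
            if sep:  # split on the first colon only, so "11:18:13" survives
                rec[key.strip()] = value.strip()
        records.append(rec)
    return records

def defrag_timeouts(records):
    """Sum fragments_dropped per (Source, Destination) for timeout drops."""
    counts = Counter()
    for rec in records:
        if rec.get("Information") == TIMEOUT:
            pair = (rec.get("Source", "?"), rec.get("Destination", "?"))
            counts[pair] += int(rec.get("fragments_dropped", 1))
    return counts

def frequent_pairs(counts, threshold=3):
    """Pairs at or above a hypothetical review threshold (an assumption)."""
    return sorted(pair for pair, n in counts.items() if n >= threshold)
```

A pair that keeps appearing in `frequent_pairs` on known good traffic is the case where the reply suggests looking at the timeout setting.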
