This is probably not a problem on your FW. It's on your client trying to do
the HTTP connection.
I have seen this on several HP-UX boxes. They always seem to send an ICMP
packet before they start other sessions.
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Erik A. Widholm
> Sent: 27 October 2004 14:31
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: Re: [FW-1] Cannot connect until after ping
>
>
> Additional details:
>
>
> The switch's perspective (monitor port, using Ethereal 0.10.7):
> 1 0.00000 66.185.250.1 -> portfolio.moody.edu HTTP C port=2521
> 2 2.99032 66.185.250.1 -> portfolio.moody.edu HTTP C port=2521
> 3 5.93445 66.185.250.1 -> portfolio.moody.edu HTTP C port=2521
> 4 20.52164 66.185.250.1 -> portfolio.moody.edu HTTP C port=2531
> 5 3.01498 66.185.250.1 -> portfolio.moody.edu HTTP C port=2531
> 6 5.26413 66.185.250.1 -> portfolio.moody.edu ICMP Echo request (ID: 512 Sequence number: 62977)
> 7 0.00000 portfolio.moody.edu -> 66.185.250.1 ICMP Echo reply (ID: 512 Sequence number: 62977)
> 8 0.77089 66.185.250.1 -> portfolio.moody.edu HTTP C port=2531
> 9 0.00082 portfolio.moody.edu -> 66.185.250.1 HTTP R port=2531
> 10 0.00015 66.185.250.1 -> portfolio.moody.edu HTTP C port=2531
>
> FW1's perspective (fw monitor):
> 1 0.00000 66.185.250.1 -> portfolio.moody.edu ICMP Echo request (ID: 512 Sequence number: 62977)
> 2 0.00011 66.185.250.1 -> portfolio.moody.edu ICMP Echo request (ID: 512 Sequence number: 62977)
> 3 0.00001 66.185.250.1 -> portfolio.moody.edu ICMP Echo request (ID: 512 Sequence number: 62977)
> 4 0.00002 66.185.250.1 -> portfolio.moody.edu ICMP Echo request (ID: 512 Sequence number: 62977)
> 5 0.00046 portfolio.moody.edu -> 66.185.250.1 ICMP Echo reply (ID: 512 Sequence number: 62977)
> 6 0.00003 portfolio.moody.edu -> 66.185.250.1 ICMP Echo reply (ID: 512 Sequence number: 62977)
> 7 0.00001 portfolio.moody.edu -> 66.185.250.1 ICMP Echo reply (ID: 512 Sequence number: 62977)
> 8 0.00001 portfolio.moody.edu -> 66.185.250.1 ICMP Echo reply (ID: 512 Sequence number: 62977)
> 9 0.77262 66.185.250.1 -> portfolio.moody.edu HTTP C port=2531
> 10 0.00019 66.185.250.1 -> portfolio.moody.edu HTTP C port=2531
>
> You will notice that FW1 doesn't even see the connection
> until after the ICMP has started! Look at the port numbers of
> the http request...
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>
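An added example, not part of the original messages: a small Python script that compares the two quoted captures and counts, per client port, the HTTP packets the switch saw before the first ICMP packet that never appear in the fw monitor output. The capture lines are the ones quoted above with wrapped lines rejoined; the function names are hypothetical.

```python
import re

# Summary lines from the two captures quoted in this thread (wrapped lines joined).
SWITCH = """\
1 0.00000 66.185.250.1 -> portfolio.moody.edu HTTP C port=2521
2 2.99032 66.185.250.1 -> portfolio.moody.edu HTTP C port=2521
3 5.93445 66.185.250.1 -> portfolio.moody.edu HTTP C port=2521
4 20.52164 66.185.250.1 -> portfolio.moody.edu HTTP C port=2531
5 3.01498 66.185.250.1 -> portfolio.moody.edu HTTP C port=2531
6 5.26413 66.185.250.1 -> portfolio.moody.edu ICMP Echo request (ID: 512 Sequence number: 62977)
7 0.00000 portfolio.moody.edu -> 66.185.250.1 ICMP Echo reply (ID: 512 Sequence number: 62977)
8 0.77089 66.185.250.1 -> portfolio.moody.edu HTTP C port=2531
9 0.00082 portfolio.moody.edu -> 66.185.250.1 HTTP R port=2531
10 0.00015 66.185.250.1 -> portfolio.moody.edu HTTP C port=2531
"""
FW = """\
1 0.00000 66.185.250.1 -> portfolio.moody.edu ICMP Echo request (ID: 512 Sequence number: 62977)
2 0.00011 66.185.250.1 -> portfolio.moody.edu ICMP Echo request (ID: 512 Sequence number: 62977)
3 0.00001 66.185.250.1 -> portfolio.moody.edu ICMP Echo request (ID: 512 Sequence number: 62977)
4 0.00002 66.185.250.1 -> portfolio.moody.edu ICMP Echo request (ID: 512 Sequence number: 62977)
5 0.00046 portfolio.moody.edu -> 66.185.250.1 ICMP Echo reply (ID: 512 Sequence number: 62977)
6 0.00003 portfolio.moody.edu -> 66.185.250.1 ICMP Echo reply (ID: 512 Sequence number: 62977)
7 0.00001 portfolio.moody.edu -> 66.185.250.1 ICMP Echo reply (ID: 512 Sequence number: 62977)
8 0.00001 portfolio.moody.edu -> 66.185.250.1 ICMP Echo reply (ID: 512 Sequence number: 62977)
9 0.77262 66.185.250.1 -> portfolio.moody.edu HTTP C port=2531
10 0.00019 66.185.250.1 -> portfolio.moody.edu HTTP C port=2531
"""
LINE = re.compile(r"^\d+\s+[\d.]+\s+\S+ -> \S+\s+(\w+)\s+(.*)$")

def http_before_icmp(text):
    """Count HTTP packets per client port seen before the first ICMP line."""
    counts = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip anything that is not a packet summary line
        proto, info = m.groups()
        if proto == "ICMP":
            break  # only the pre-ping window is of interest
        port = re.search(r"port=(\d+)", info)
        if proto == "HTTP" and port:
            counts[int(port.group(1))] = counts.get(int(port.group(1)), 0) + 1
    return counts

def missing_at_firewall(switch, fw):
    """Per port, HTTP packets the switch saw pre-ICMP that the firewall did not."""
    sw, f = http_before_icmp(switch), http_before_icmp(fw)
    return {p: n - f.get(p, 0) for p, n in sw.items() if n > f.get(p, 0)}
```

Calling `missing_at_firewall(SWITCH, FW)` returns the per-port count of connection attempts that appear only in the switch capture.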