Sure,
Thanks for the explanation.
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Ray
Sent: 24 December 2005 15:50
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] Firewall dropping packets
Yeah, it's a weird message for sure. "tried to open a known service port" -
Near as I can figure, if you have a service defined as using a specific
port, something trying to connect to that port will trip this block. It may
have been a relevant defense tactic when firewalls only had a few ports
defined, but it sure causes problems now for everything above 1023.
We hit it when we were using Outlook through FW-1. It uses random high ports
to communicate with Exchange. We would keep seeing this drop intermittently
in the logs when Outlook picked a random port that was defined as a service
on the firewall.
I suspect Lindsay is correct; this is a protection that got moved into
SmartDefense when it originally wasn't there.
Ray
>From: Lindsay Hill <lindsay.k.hill AT GMAIL DOT COM>
>Reply-To: Mailing list for discussion of Firewall-1
><FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
>To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
>Subject: Re: [FW-1] Firewall dropping packets
>Date: Fri, 23 Dec 2005 17:26:13 +0000
>
>Doesn't matter what your logs say they were generated by, Ray's solution
>is the correct one. It is SmartDefense. It may not say that, since that
>particular protection/setting has been around for a while, possibly (can't
>quite remember) from before SmartDefense was called that.
>
>
>On 23 Dec 2005, at 13:15, Tauseef Khan wrote:
>
>>Thanks Ray
>>
>>That's definitely helped, but quite surprisingly these logs weren't
>>generated by smartdefense, rather they were generated by
>>VPN1&Firewall1. Any ideas.
>>
>>Kind regards
>>Tauseef
>>
>>-----Original Message-----
>>From: Mailing list for discussion of Firewall-1
>>[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Ray
>>Sent: 22 December 2005 19:33
>>To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
>>Subject: Re: [FW-1] Firewall dropping packets
>>
>>
>>It's a SmartDefense drop. You have to change SmartDefense to allow
>>connections to all ports,
>>
>>Network Security
>>Dynamic Ports
>>Select the top radio button
>>
>>Ray
>>
>>>From: Tauseef Khan <Tauseef_Khan AT 3I DOT COM>
>>>Reply-To: Mailing list for discussion of Firewall-1
>>><FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
>>>To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
>>>Subject: [FW-1] Firewall dropping packets
>>>Date: Thu, 22 Dec 2005 15:45:48 -0000
>>>
>>>I am getting the following error message in the firewall logs with no
>>>rule number against that. Any ideas.
>>>
>>>"reason: tried to open a known service port,;protocol:tcp; port_svc: ICKiller"
>>>
>>>
>>>Kind regards
>>>
>>>
>>>
>>>*************************************************
>>>For addressee only. No legally binding commitments will be created by
>>>this e-mail message. Where we intend to create legally binding
>>>commitments these will be made through hard copy correspondence or
>>>documents.
>>>
>>>3i Investments plc
>>>Registered office: 91 Waterloo Road
>>> London SE1 8XP
>>>Registered no:3975789
>>>Authorised and Regulated by the Financial Services Authority
>>>
>>>If you are not the intended recipient it may be unlawful for you to
>>>read, copy, distribute, disclose or otherwise use the information in
>>>this e-mail.
>>>If you are not the intended recipient please contact us immediately.
>>>E-mail may be susceptible to data corruption, interception and
>>>unauthorised amendment, and we do not accept liability for any such
>>>corruption, interception or amendment or the consequences thereof.
>>>
>>>3i is committed to following policies which protect your privacy and
>>>comply with current international data protection laws and
>>>regulations in respect of personal data. Further details of these
>>>policies can be found at www.3i.com.
>>>*************************************************
>>>
>>>
>>>=================================================
>>>To set vacation, Out-Of-Office, or away messages,
>>>send an email to LISTSERV AT amadeus.us.checkpoint DOT com
>>>in the BODY of the email add:
>>>set fw-1-mailinglist nomail
>>>=================================================
>>>To unsubscribe from this mailing list,
>>>please see the instructions at
>>>http://www.checkpoint.com/services/mailing.html
>>>=================================================
>>>If you have any questions on how to change your
>>>subscription options, email
>>>fw-1-owner AT ts.checkpoint DOT com
>>>=================================================
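Added example (not part of the thread and not Check Point tooling): one way to tally the drops discussed above by `port_svc`, to see which defined services the random high ports are colliding with. It assumes log records exported as semicolon-separated `key: value` pairs like the quoted log line; the `time`, `action`, `src` and `dst` fields, the `Example-Svc` name and all sample records are constructed.

```python
from collections import Counter

# Reason string quoted in the thread's log entry.
REASON = "tried to open a known service port"

# Constructed sample records. Only reason, protocol and port_svc come from the
# thread; the time/action/src/dst fields and "Example-Svc" are assumptions.
SAMPLE_LOG = """\
time: 10:01:12; action: drop; src: 192.0.2.20; dst: 198.51.100.5; reason: tried to open a known service port,;protocol:tcp; port_svc: ICKiller
time: 10:01:40; action: accept; src: 192.0.2.21; dst: 198.51.100.5; protocol:tcp
time: 10:03:02; action: drop; src: 192.0.2.20; dst: 198.51.100.5; reason: tried to open a known service port,;protocol:tcp; port_svc: ICKiller
time: 10:04:17; action: drop; src: 192.0.2.33; dst: 198.51.100.5; reason: tried to open a known service port,;protocol:tcp; port_svc: Example-Svc
time: 10:05:00; action: drop; src: 192.0.2.40; dst: 198.51.100.9; protocol:tcp
"""


def parse_record(line):
    """Split one record into a dict; tolerate 'key:value' and stray commas."""
    fields = {}
    for part in line.split(";"):
        key, sep, value = part.partition(":")  # split on the first colon only
        if sep:
            fields[key.strip().lower()] = value.strip().rstrip(",").strip()
    return fields


def summarize_known_port_drops(log_text):
    """Count drops with the thread's reason per port_svc, with their sources."""
    counts, sources = Counter(), {}
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec.get("reason", "").lower() != REASON:
            continue  # other drops and accepts are not this protection
        svc = rec.get("port_svc", "(none)")
        counts[svc] += 1
        sources.setdefault(svc, set()).add(rec.get("src", "?"))
    return counts, sources


if __name__ == "__main__":
    counts, sources = summarize_known_port_drops(SAMPLE_LOG)
    for svc, n in counts.most_common():
        print(f"{svc}: {n} drop(s) from {sorted(sources[svc])}")
```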