Re: R60_HFA05

* We've seen that FW1_topo fails only with external connects. Locally (127.0.0.1 or local IP of node) the connect on port 264 works (tested with telnet to port 264).
* We think that the firewall kernel drops connections to port 264 (FW1_topo). However, Tracker shows "accept" for FW1_topo, since the Firewall VM accepts the packet but the problem appears later in the chain.
* With fw monitor we see that the drop appears between "11: 2000000 (a361ab3c) (00000003) vpn policy inbound (vpn_pol)" and "12: 10000000 (9f7e414c) (00000003) SecureXL inbound (secxl)".
* Every time a failed connection to FW1_topo happens, we see the following kernel error: "[LOG_CRIT] kernel: FW-1: ld_set_wto_ttl_ex: 1p is NULL or bad_time(-1) is not zero"
* Topology updates still do not work. We are still waiting for Check Point to tell us what is going wrong.