Quote:
Originally Posted by renato_rj
Melipa, thanks for your help... But, FTP isn't UDP packet, I don't believe this solution is for me...
Some of the traffic which Ray saw the error for was TCP based. Why changing that UDP option affected it, I cannot say. Do you have this option selected? If so then we already know it's not a solution for you.
This snippet explains it better than I would, and gives you instructions to work around it, for NG at least:
Quote:
6.22: SmartView Tracker Log Error: Rule 0: Reason: Violated Unidirectional Connection

FireWall-1 can mark a connection in the connections table to allow traffic to pass in one direction only. This can either be a connection that started from the inside, in which case FireWall-1 would mark the table to read that only outbound packets are allowed, or it can be a connection that originated from the outside, in which case FireWall-1 would mark the table to read that only inbound packets are allowed. This means that data can pass in only one direction (ACK packets as part of normal TCP are acceptable). When a packet violates a unidirectional connection, Check Point logs an entry into SmartView Tracker/Log Viewer.

UDP services have an option to set a service to accept replies. In a sense, that is unidirectional. Unidirectional TCP connections occur with FTP. Some programs that use FTP do so in a nonstandard way that requires all the connections used by the FTP connection to be bidirectional. To allow for bidirectional FTP connections in FireWall-1 NG, perform the following steps.
You can read the rest at:
http://searchsecurity.techtarget.com...Point-Ch06.pdf