CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

1. Come to CPUG CON 2008 EUROPE in Switzerland on September 8th - 9th!
    Two days full of technical content for Check Point administrators in the beautiful Swiss Alps!
    We already have sign-ups from twelve different countries!
2. CCSA/CCSE One-Week Dual-Certification Training Course with CPUG in San Francisco!
    Courses Starting 7/14, 8/25, 10/6, 11/3, 12/8, (2009) 1/19, 2/9, 3/9, 4/6, 5/4, 6/8.
3. Corrent S3500 SecureXL Turbocards For Sale - Last Six Remaining - Get Your Spares!
4. Join Us On LinkedIn - We now have a CPUG group.


Go Back   CPUG: The Check Point User Group > Check Point Firewall-1/VPN-1 And Related Products > Authentication
Reload this Page TCP out of state
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 2007-08-07
tech123 tech123 is offline
Member
  
Join Date: 2007-08-05
Posts: 40
Rep Power: 0
tech123 has an average reputation (10+)
Default TCP out of state
Hi ,

I have provider-1 environment,Iam facing this problem(TCP out of state;first packet isn't SYNC) on my firewall which is not in cluster,IPSO 3.8.Could you please help on this.

Thank you
tech123
Reply With Quote
  #2 (permalink)  
Old 2007-08-07
willmac willmac is offline
Junior Member
  
Join Date: 2007-08-03
Posts: 6
Rep Power: 0
willmac has an average reputation (10+)
Default Re: TCP out of state
Do you mean "first packet isn't SYN"?
This normally means that the firewall is doing it's job - the fiirewall is expecting a syn and getiing an ack.
There maybe some timeout issues on the application passing through - or keepalives not working.
Or there may be some asynchronous routing issue where the packet is coming in through a different path and you are seeing only the ack back.

Has this ever been working?
If so then it is most likely due to an application/server change or a routing change.

The firewall should be fine and I would go so far as to say doing anything on the firewall to permit out of state traffic is a bad idea and hides other issues.
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -7. The time now is 19:45.

Contact Us - CPUG Home Page - Archive - Top

Powered by vBulletin® Version 3.7.2
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.0.0