CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Thread: Firewall drops lpr connection only on specific source ports

  1. #1 (Zurich, Switzerland)

    Firewall drops lpr connection only on specific source ports

    Hi community,
    That's a weird one.
    A remote location is connected to the main site through a VPN (R77.10). All stuff had been running fine for months.
    Yesterday, the provider at the remote site had troubles with DDoS, and the remote site was offline for 2 hours.
    When the VPN was re-established, we noticed a new, strange behaviour.

    There is a print server at the main site which sends print jobs through the VPN to the remote location on tcp port 515.
    If the source port of that connection is either 1017 or 1021, then the remote firewall drops it with: "TCP packet out of state: First packet isn't SYN".
    However, the local firewall at the main site forwards these source ports without any problem.
    If the source port is something else, the print job works.
    All other connections using other services work fine too.
    Floodgate is in use at both ends to control bandwidth.
    Local print servers and the remote firewall have been rebooted too.

    Any ideas are very much appreciated.

  2. #2

    Re: Firewall drops lpr connection only on specific source ports

    Weird one. I would clear the tunnel on both sites and see how this goes.
    If this still doesn't work, I would change the IP address of the print server within a short maintenance window and see how this copes with the incident.

  3. #3 (Netherlands, Europe)

    Re: Firewall drops lpr connection only on specific source ports

    Source ports 1017 and 1021 are both below the agreed dynamic source ports starting at 1024 and therefore are not seen as standard and might be dropped; the only way around this would be to create an lpr service that has the source port range specified as 1017-1021.
    It is certainly not normal behaviour to use a non-high port as source, unless the specific protocol says so, like FTP data.
    When the print server is an MS server you can have a look at this document.
    Regards, Maarten.
    Triple MDS on R77.30, MDS on R80.10, VSX, GAIA.
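As an added illustration (not code from this thread, and not Check Point's own implementation), the toy stateful-inspection model below shows what the drop reason quoted in post #1 means mechanically: a segment that matches no existing connection entry and is not a SYN is rejected, which is what a gateway does with the tail of an old connection after its connection table was lost during an outage. It also models the restricted-source-port lpr service suggested in post #3. All names, IPs and ports are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Optional, Tuple

OUT_OF_STATE = "TCP packet out of state: First packet isn't SYN"


@dataclass(frozen=True)
class Service:
    """Constructed service object: destination port plus an optional source-port range."""
    name: str
    dst_port: int
    src_ports: Optional[Tuple[int, int]] = None  # None means any source port


@dataclass
class Gateway:
    services: list
    state: set = field(default_factory=set)  # accepted connections, keyed by 4-tuple

    def inspect(self, src_ip, src_port, dst_ip, dst_port, flags):
        """Return (verdict, reason) for one TCP segment, updating the connection table."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key in self.state:
            return "accept", "existing connection"
        # No entry: only a pure SYN may open a connection (mirrors the quoted log message)
        if "SYN" not in flags or "ACK" in flags:
            return "drop", OUT_OF_STATE
        for svc in self.services:
            if svc.dst_port != dst_port:
                continue
            if svc.src_ports and not (svc.src_ports[0] <= src_port <= svc.src_ports[1]):
                continue
            self.state.add(key)
            return "accept", f"new connection matched {svc.name}"
        return "drop", "no matching service"

    def clear_state(self):
        """Simulate losing the connection table, e.g. gateway reboot or tunnel outage."""
        self.state.clear()


def outage_scenario():
    """Old connection from port 1017 survives on the client but not on the gateway."""
    gw = Gateway([Service("lpr", 515)])
    opened = gw.inspect("10.0.0.5", 1017, "192.168.1.20", 515, {"SYN"})
    gw.clear_state()  # remote site offline; its gateway forgets the connection
    stale = gw.inspect("10.0.0.5", 1017, "192.168.1.20", 515, {"ACK", "PSH"})
    fresh = gw.inspect("10.0.0.5", 40000, "192.168.1.20", 515, {"SYN"})
    return opened[0], stale, fresh[0]


def restricted_service_demo():
    """lpr service limited to source ports 1017-1021, as post #3 suggests."""
    gw = Gateway([Service("lpr-lowports", 515, (1017, 1021))])
    low = gw.inspect("10.0.0.5", 1017, "192.168.1.20", 515, {"SYN"})[0]
    high = gw.inspect("10.0.0.5", 40000, "192.168.1.20", 515, {"SYN"})[0]
    return low, high
```

Running `outage_scenario()` returns the drop tuple with the exact message from the thread for the stale segment, while a fresh SYN from a new port is accepted.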
