[fw-wiz] Checkpoint - Out of state packet

saudi sans saudisans at gmail.com
Tue Sep 25 10:21:13 EDT 2007


We are having Nokia Checkpoint in load balancing mode.

In the Checkpoint logs we get DROP packets messages "TCP packet out of
state: First packet isn't SYN;".It looks like out-of-state packets are
getting dropped. I am NOT worried about this.

What is worrying is source IP of the packets is of the Firewall
interface itself. The destination address/port is of the server
protected by the Firewall.

I am trying to investigate how can we get packets with source IP as
Firewall interface.

My doubts:

1. When Checkpoint encounters an out-of-state packet and DROP it, does
it log the message with source-IP as of the Firewall.

2. Assuming the Firewall is configured properly, what   are the other
instances when we get DROP traffic logs with source-address as of the
Firewall interface


Am I totally on the wrong direction in this investigation?


More information about the firewall-wizards mailing list