Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Help with FW-1 NG Log File...

Status
Not open for further replies.

LRowland

IS-IT--Management
Apr 18, 2001
3
GB
Hi People,

Does anyone have any input on why my FW-1 NG (with SP1) log file is fullup with 16,000 odd entries all like below...

Action|Service|Source | Destination | info
drop | 16830 |My isp's ProxyServer|My Proxy server| th_flags 10 message_info TCP packet out of state

The info part always says either "th_flags 10" or "th_flags 18"

Any assistance gratefully received..

Cheers,

Lee
 

- To disable only the logging ( only in FP1 ):

Using dbedit, edit the following property and change its value to "1" in the Management Station:

fw_allow_out_of_state_tcp

Reinstall the policy.

- To allow packets w/o SYN Flag:

Firewall-1 NG Hotfix 2:

Solaris:

Add the following line to the /etc/system file
set fw:fw_log_out_of_state_tcp = 0

NT / 2000:

In the registry under:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FW1\Parameters

Add variable DWORD named DisableLogOutOfStateTCP should be added with a value of 1 and reboot the machine.

Firewall-1 NG FP1:

Try to edit the following property to "0" using dbedit in the Management Station:

fw_allow_out_of_state_tcp

 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top