[Sidewinder] SYN/ACK issue
Sidewinder moderated discussion list
sidewinder at adeptech.com
Mon Jul 28 23:42:35 EDT 2008
If you are adding an ACL using a proxy:
when you apply that ACL, all existing sessions will abend and have to
restart; this is a feature of proxies.
Why? Because an application proxy terminates the inside session (to the
client) and then starts a new session (to the server) on the client's
behalf. If a session is already established, the proxy cannot assert itself
into that conversation already in progress.
HTH,
lcubed
On Mon, Jul 28, 2008 at 3:05 AM, Sidewinder moderated discussion list <
sidewinder at adeptech.com> wrote:
> All,
>
> We are in the process of implementing a G2 firewall and trying
> to figure out Proxy/IP Filter rule sets. We have most of it complete but
> are having an issue with one of the rules. We are trying to create an IP
> Filter rule that allows access from the internal burb to the external burb
> on tcp port 6667. This would seem to be a straightforward rule with no
> complication. However, when we implement this rule the logs explode with
> entries saying "Expected SYN, Got ACK". Once this rule is implemented
> everyone is dumped off the IRC server even though there is another IP
> filter rule that we placed below that one which allows for all TCP ports.
> I've tried researching this over the net and can't find anything. I would
> open up a case but figured I'd post here first to see if anyone may have
> experienced this before in the past or if it is a relatively easy fix that
> maybe I've overlooked.
>
> Thanks,
>
> Wayne
>
> _______________________________________________
> Sidewinder mailing list
> Sidewinder at adeptech.com
> http://mail.adeptech.com/mailman/listinfo/sidewinder
>
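
The behaviour described in this thread, as an added example that is not part of the original posts and is not Sidewinder's own code: a simplified model of a stateful TCP filter that creates session state only on an opening SYN and, as an assumption, discards existing state when a rule is applied. Class names, function names and addresses are constructed for illustration, and only the client-to-server direction is modelled.

```python
from dataclasses import dataclass

SYN, ACK = 0x02, 0x10  # TCP flag bits


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int

    @property
    def flow(self):
        return (self.src, self.sport, self.dst, self.dport)


class StatefulFilter:
    def __init__(self, allowed_dports):
        self.allowed_dports = set(allowed_dports)
        self.sessions = set()  # flows whose opening SYN has been seen
        self.audit = []

    def apply_policy(self, allowed_dports):
        # Assumption: applying a rule change drops all existing session state.
        self.allowed_dports = set(allowed_dports)
        self.sessions.clear()

    def handle(self, seg):
        if seg.flow in self.sessions:
            return "pass"  # segment belongs to a tracked session
        if seg.dport not in self.allowed_dports:
            self.audit.append(f"{seg.flow}: no matching rule")
            return "deny"
        if seg.flags & SYN and not seg.flags & ACK:
            self.sessions.add(seg.flow)  # only a bare SYN may create state
            return "pass"
        got = "ACK" if seg.flags & ACK else hex(seg.flags)
        self.audit.append(f"{seg.flow}: Expected SYN, Got {got}")
        return "deny"


def replay():
    fw = StatefulFilter(range(1, 65536))  # the "all TCP ports" rule
    irc = ("10.0.0.5", 40000, "203.0.113.7", 6667)  # constructed addresses
    results = [fw.handle(Segment(*irc, SYN)), fw.handle(Segment(*irc, ACK))]
    fw.apply_policy({6667})  # the new port 6667 rule is applied
    results.append(fw.handle(Segment(*irc, ACK)))  # old session, mid-stream
    reconnect = (irc[0], 40001, irc[2], irc[3])
    results.append(fw.handle(Segment(*reconnect, SYN)))  # client reconnects
    return results, fw.audit
```

In this model the established IRC session is denied after the rule is applied because its next segment carries ACK and no state exists for it, while a fresh connection that starts with SYN is admitted.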