Firewall Wizards mailing list archives
Re:
From: "Ryan Russell" <Ryan.Russell () sybase com>
Date: Fri, 3 Dec 1999 13:56:02 -0800
What you're seeing is "replies" from the web servers to outside machines. For whatever reason, FW-1 thinks that connection is either closed, or that you're out of sequence. AFAIK, the log messages are harmless, if annoying.

Take a look here: http://www.phoneboy.com/fw1/faq/0130.html for a little more explanation. There are also instructions on how to "fix" it, untested by me personally, but Phoneboy knows his stuff.

Ryan

I have been using a Checkpoint Firewall-1 to protect my DMZ from the Internet. Since installation I have noticed that my webservers, which are on the DMZ behind the firewall, seem to be connecting to multitudes of Internet hosts unsolicited. The destination port seems to be random, but often increments. The source port from the web servers is always 80 or 443. As I have added webservers this condition has gotten unbearable because of the massive amount of info in the log files. I do not allow unlimited access from the DMZ to the Internet, so these packets are getting dropped at the firewall. I have checked with the web development team and they say that they are not doing anything with the servers that would cause this. I know that I could filter out these events and not log them, but I want to understand what is happening first and look for other alternatives. Please let me know if you have seen this before.
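An added example, not part of the original thread: one way to triage such drop entries before deciding to stop logging them, separating packets that look like late web-server replies (source port 80 or 443, high destination port) from drops that deserve a closer look. The CSV layout, the documentation-range addresses and the 1024 threshold are assumptions made for this sketch; this is not FW-1's log export format.

```python
import csv
import io
from collections import Counter, defaultdict

WEB_PORTS = {80, 443}   # service ports named in the post
EPHEMERAL_MIN = 1024    # assumption: client-side ports are 1024 or higher

# Constructed sample drop records (hypothetical layout, not real FW-1 output).
SAMPLE_DROPS = """\
src,sport,dst,dport
192.0.2.10,80,198.51.100.7,31044
192.0.2.10,80,198.51.100.7,31045
192.0.2.11,443,203.0.113.50,49152
192.0.2.10,35512,203.0.113.9,25
192.0.2.11,40001,198.51.100.99,6667
"""

def classify(sport, dport):
    """Label a dropped DMZ-to-Internet packet by which end looks like the server."""
    if sport in WEB_PORTS and dport >= EPHEMERAL_MIN:
        # Web server answering a client whose connection the firewall
        # no longer tracks (closed or out of sequence).
        return "late_reply"
    # Anything else was not sourced from the web service port, so it is
    # not explained by stale replies and should stay visible in the log.
    return "review"

def summarize(log_text):
    """Return (label counts, entries to review, client ports per server/client pair)."""
    counts = Counter()
    review = []
    clients = defaultdict(list)
    for rec in csv.DictReader(io.StringIO(log_text)):
        sport, dport = int(rec["sport"]), int(rec["dport"])
        label = classify(sport, dport)
        counts[label] += 1
        if label == "late_reply":
            # Successive client connections tend to use incrementing ports,
            # which matches the pattern described in the question.
            clients[(rec["src"], rec["dst"])].append(dport)
        else:
            review.append((rec["src"], rec["dst"], dport))
    return counts, review, {k: sorted(v) for k, v in clients.items()}

if __name__ == "__main__":
    counts, review, clients = summarize(SAMPLE_DROPS)
    print(dict(counts))
    for src, dst, dport in review:
        print(f"review: {src} -> {dst}:{dport}")
```
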