Re:

["Ryan Russell" <Ryan.Russell () sybase com>]

What you're seeing is "replies" from the web servers to
outside machines.  For whatever reason, FW-1 things that connection
is either closed, or that you're out of sequence.  AFAIK, the
log messages are harmless, if annoying.

Take a look here:

http://www.phoneboy.com/fw1/faq/0130.html

For a little more explaination.  There are also instructions
on how to "fix" it, untested by me personally, but
Phoneboy knows his stuff.

                    Ryan




I have been using a Checkpoint Firewall-1 to protect
my DMZ from the Internet.  Since installation I have
noticed that my webservers which are on the DMZ behind
the firewall seem to be connecting to multitudes of
Internet host unsolicited. The destination port seems
to be random, but often increments.  The source port
from web servers is always 80 or 443.  As I have added
webservers this condition has gotten unbearable
because of the massive amount of info in the log
files.  I do not allow unlimited access from the DMZ
to the Internet so these packets are getting dropped
at the firewall. I have checked with the web
developement team and they say that they are not doing
anything with the servers that would cause this.  I
know that I could filter out these events and not log
them, but I want to understand what is happening first
and look for other alternatives.  Please let me know
if you have seen this before.