[fw-wiz] PIX dropping packets with source port 80

• Previous message: Paul D. Robertson: "Re: [fw-wiz] AIX LPAR security"
• Next in thread: Martin Maèok: "Re: [fw-wiz] PIX dropping packets with source port 80"
• Reply: Martin Maèok: "Re: [fw-wiz] PIX dropping packets with source port 80"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: firewall-wizards@honor.icsalabs.com
Date: Tue, 25 May 2004 12:44:14 -0400

My fellow experts,

We have a cluster of PIX 525. Since the upgrade of the PIX OS to 6.3(3), we get lots of 106023 messages, such as
%PIX-4-106023: Deny tcp src DMZ:aaa.bbb.ccc.ddd (asite.adomain.atld) /80 dst inside:OurProxy/37568 by access-group "acl_DMZ"

Conceptually, this is correct, since we certainly don't have any ACL allowing an external host to open a port on our internal proxy.

However, the behaviour here seems to be that connections opened by the proxy on the Web site are dropped when coming back (note source port 80) by that ACL (more exactly, by the default rule that drops everything on this access-group). More or less, it appears as "TCP out of sync" messages in CheckPoint jargon.

I have looked over the outbound connections, and seen that they are indeed opened by the PIX from the proxy to the destination Web site.

For the persons who uses the proxy, there is no issue...

However, I would like to get rid of these unuseful messages that drown the useful ones. And this has appeared only since we upgraded to 6.3(3).

As one of you experimented that already ?

Thank you for your precious help

  Lazlò

__________________________________________________________________
Introducing the New Netscape Internet Service.
Only $9.95 a month -- Sign up today at http://isp.netscape.com/register

Netscape. Just the Net You Need.

New! Netscape Toolbar for Internet Explorer
Search from anywhere on the Web and block those annoying pop-ups.
Download now at http://channels.netscape.com/ns/search/install.jsp
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: Paul D. Robertson: "Re: [fw-wiz] AIX LPAR security"
• Next in thread: Martin Maèok: "Re: [fw-wiz] PIX dropping packets with source port 80"
• Reply: Martin Maèok: "Re: [fw-wiz] PIX dropping packets with source port 80"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]