Re: SOHO firewall dropping incoming 443 connections - incorrect state

From: "Brother from another planet" <somethingtellsme@youwanttospamme.com>
Date: Tue, 11 Mar 2003 13:15:50 -0500

That's a tough call on what to pin down on this issue. Have you called
Watchguard tech support? Or have you considered a Netgear router? I use an
FVS318, which I think you can configure for SOHO.

"ITguy_uk" <itguy_uk@hotmail.com> wrote in message
news:8be6df4c.0303110319.199b47ae@posting.google.com...
> I am currently using a Watchguard SOHO firewall (version 5.1.6 boot
> rom 3.7) to connect a private ethernet network to the internet via an
> ADSL line. The only incoming connection that I allow is an HTTPS port
> (443) to an Outlook Web Access server for remote users (mainly on
> dialups). Occasionally the firewall seems to just start denying HTTPS
> connections on port 443.
>
> Most of the time this works correctly and the firewall log shows
> (IP's changed):
>
> 2003-02-19 18:20:41 Local0.Info 192.168.1.5 IP: Packet allowed from
> x.x.x.x port 1172 to 200.200.200.200 port 443 (TCP)(allow by HTTPS)
>
> However sometimes in the middle of these allowed messages I see:
>
> 2003-02-19 18:20:41 Local0.Warning x.x.x.x IP: Packet discarded from
> x.x.x.x port 1170 to x.x.x.x port 443 (TCP)(incorrect state)
> 2003-02-19 18:20:46 Local0.Warning x.x.x.x IP: Packet discarded from
> x.x.x.x port 1169 to x.x.x.x port 443 (TCP)(incorrect state)
> 2003-02-19 18:20:50 Local0.Warning x.x.x.x IP: Packet discarded from
> x.x.x.x port 1170 to x.x.x.x port 443 (TCP)(incorrect state)
> 2003-02-19 18:20:55 Local0.Warning x.x.x.x IP: Packet discarded from
> x.x.x.x port 1169 to x.x.x.x port 443 (TCP)(incorrect state)
> 2003-02-19 18:21:06 Local0.Warning x.x.x.x IP: Packet discarded from
> x.x.x.x port 1170 to x.x.x.x port 443 (TCP)(incorrect state)
> 2003-02-19 18:21:18 Local0.Warning x.x.x.x IP: Packet discarded from
> x.x.x.x port 1169 to x.x.x.x port 443 (TCP)(incorrect state)
> 2003-02-19 18:21:37 Local0.Warning x.x.x.x IP: Packet discarded from
> x.x.x.x port 1170 to x.x.x.x port 443 (TCP)(incorrect state)
> 2003-02-19 18:22:01 Local0.Warning x.x.x.x IP: Packet discarded from
> x.x.x.x port 1169 to x.x.x.x port 443 (TCP)(incorrect state)
> 2003-02-19 18:23:27 Local0.Info x.x.x.x IP: Packet allowed from
> x.x.x.x port 1173 to x.x.x.x port 443 (TCP)(allow by HTTPS)
> 2003-02-19 18:23:29 Local0.Warning x.x.x.x IP: Packet discarded from
> x.x.x.x port 1173 to x.x.x.x port 443 (TCP)(incorrect state)
>
> and then it reverts back to accepting again with the message:
>
> 2003-02-19 18:23:29 Local0.Info 192.168.1.202 IP: Packet allowed from
> x.x.x.x port 1174 to x.x.x.x port 443 (TCP)(allow by HTTPS)
>
> There appear to be several ways to resolve this:
>
> 1. Reboot the firewall.
>
> 2. External user disconnects from dialup and reconnects; I assume this
> resolves it as the user obtains a new IP address from their ISP's DHCP
> server.
>
> 3. Wait and then attempt to reconnect. I assume this allows a timeout
> to take effect.
>
> I have read on the net that the "Incorrect state" messages are due to
> the TCP three-way handshake not completing properly and so the
> firewall drops the connection. I also read that one person resolved a
> similar issue (dropping incoming SMTP connections) by downgrading the
> firmware on the box to a previous version but I am reluctant to do
> this because of the security implications. It was also suggested to
> check that this was not a licensing issue i.e. number of users and
> this is not the case.
>
> Has anyone else experienced this and if so have they resolved it? Any
> suggestions, hints or resolutions would be appreciated.
>
> Thanks in advance
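
An added example, not part of either post: a short Python parser that groups the firewall log entries quoted above by connection 4-tuple and lists the flows that were dropped for "incorrect state", with the spacing between drops. The function name and report fields are this example's own; the sample lines are taken from the quoted log, rejoined where they were wrapped.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines taken from the log quoted in the post (source ports 1170, 1173, 1174),
# rejoined where the newsreader wrapped them; addresses stay masked as x.x.x.x.
SAMPLE = """\
2003-02-19 18:20:41 Local0.Warning x.x.x.x IP: Packet discarded from x.x.x.x port 1170 to x.x.x.x port 443 (TCP)(incorrect state)
2003-02-19 18:20:50 Local0.Warning x.x.x.x IP: Packet discarded from x.x.x.x port 1170 to x.x.x.x port 443 (TCP)(incorrect state)
2003-02-19 18:21:06 Local0.Warning x.x.x.x IP: Packet discarded from x.x.x.x port 1170 to x.x.x.x port 443 (TCP)(incorrect state)
2003-02-19 18:21:37 Local0.Warning x.x.x.x IP: Packet discarded from x.x.x.x port 1170 to x.x.x.x port 443 (TCP)(incorrect state)
2003-02-19 18:23:27 Local0.Info x.x.x.x IP: Packet allowed from x.x.x.x port 1173 to x.x.x.x port 443 (TCP)(allow by HTTPS)
2003-02-19 18:23:29 Local0.Warning x.x.x.x IP: Packet discarded from x.x.x.x port 1173 to x.x.x.x port 443 (TCP)(incorrect state)
2003-02-19 18:23:29 Local0.Info 192.168.1.202 IP: Packet allowed from x.x.x.x port 1174 to x.x.x.x port 443 (TCP)(allow by HTTPS)
"""

LINE = re.compile(
    r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ \S+ IP: Packet "
    r"(?P<verdict>allowed|discarded) from (?P<src>\S+) port (?P<sport>\d+) "
    r"to (?P<dst>\S+) port (?P<dport>\d+) \(\w+\)\((?P<reason>[^)]*)\)")

def incorrect_state_flows(text):
    """Group entries by 4-tuple; report each flow that hit 'incorrect state'."""
    flows = defaultdict(list)
    for m in map(LINE.match, text.splitlines()):
        if m:  # skip anything that is not a packet allow/discard entry
            key = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]))
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            flows[key].append((ts, m["verdict"], m["reason"]))
    report = {}
    for key, events in flows.items():
        drops = sorted(ts for ts, verdict, reason in events
                       if verdict == "discarded" and reason == "incorrect state")
        if not drops:
            continue
        gaps = [int((b - a).total_seconds()) for a, b in zip(drops, drops[1:])]
        report[key] = {
            "allowed": sum(verdict == "allowed" for _, verdict, _ in events),
            "drops": len(drops),
            "gaps_s": gaps,
            # Steadily growing gaps look like one client retransmitting with backoff.
            "backoff": len(gaps) >= 2 and all(b > a for a, b in zip(gaps, gaps[1:])),
        }
    return report

if __name__ == "__main__":
    for flow, info in sorted(incorrect_state_flows(SAMPLE).items()):
        print(flow, info)
```

On these lines, source port 1170 is dropped four times at growing intervals with no allow entry, which is consistent with a client retransmitting on a connection the firewall is not tracking, while the new source ports 1173 and 1174 are allowed.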


