Our EDI group hails me last Friday and says they can’t reach their VANs, or at best intermittently. What to do, what to do… I go on the offensive and say they have to stop using FTP (and that’s literal FTP, not sftp, not FTPs, just plain old FTP), it’s been out of date for at least 15 years.

But that wasn’t really helping the situation, so I had to dig a lot deeper. And frankly, I was coincidentally having intermittent issues with my scripted speedtests. We have a bunch of synthetic monitors we run through that same firewall. They were failing every few minutes, and then became good. And these FTPs were like that as well. Some would work and then minutes later not work.

The firewall person on call looked at the firewall, saw some of the described traffic passing through, and declared firewall is fine. So I got a more cooperative firewall colleague on this. And he got a really expert Checkpoint support person on the call. That guy led us to look at SYN DEFENDER which is part of IPS and enabled via fw accel. If it sees too many out of state packets in a given time it will shut down the interface where the problem was observed! So that really throws most firewall admins as this situation is so unusual and they are not trained to look for it. The practical effect is that even if you’re taking traces on the Checkpoint, checking the logs, etc, you won’t see the traffic!

In this case it was an internal firewall and it was comfortable to disable SYN DEFENDER on it. Then four months later, after the firewall was upgraded to v 81.10, they must have set SYN DEFENDER (AKA synatk) up all over again. And of course no one was thinking about it or expecting what happened next, which is, these exact same problems started all over again. But there were different firewall colleagues involved, none with any first-hand experience of the issue. Then I got involved and just sort of tackled my way through it in a trouble-shooting session.