O'Reilly logo

Essential Check Point™ FireWall-1® NG: An Installation, Configuration, and Troubleshooting Guide by Dameon D. Welch-Abernathy

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Problems with Stateful Inspection of TCP Connections

The problem with using a stateful firewall is that if the applications that go through it have a slightly different concept of what proper TCP state should be, or if the firewall makes invalid assumptions, some services will cease to function. The following subsections explain what some of those errors are and how to fix them.

6.20. TCP Packet Out of State

The “TCP Packet out of state” error message means that FireWall-1 sees a TCP ACK packet for which it does not have a matching state table entry. This may occur because the connection was inactive for a period of time or the connections tables were flushed (e.g., because of a policy installation or restart).

A little history is in order here. ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required