I turned on "Use strict TCP session handling" recently, and now I find I can't login to Network Solutions (https://www.networksolutions.com/manage-it/index.jsp).
If I turn off the Strict TCP option, Network Solutions login works.
Nothing appears in the IPS log, and I'm not using the HTTP proxy or content filter.
PacketFilter.log shows:
2012:09:28-14:06:25 fw2 ulogd[3416]: id="2012" severity="info" sys="SecureNet" sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" seq="0" initf="eth1" outitf="eth0" dstmac="00:1a:4b:a8:fe:98" srcmac="00:23:7d:32:b4:6c" srcip="10.42.6.21" dstip="205.178.187.13" proto="6" length="1476" tos="0x00" prec="0x00" ttl="63" srcport="57182" dstport="443" tcpflags="ACK"
2012:09:28-14:06:34 fw2 ulogd[3416]: id="2012" severity="info" sys="SecureNet" sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" seq="0" initf="eth1" outitf="eth0" dstmac="00:1a:4b:a8:fe:98" srcmac="00:23:7d:32:b4:6c" srcip="10.42.6.21" dstip="205.178.187.13" proto="6" length="1476" tos="0x00" prec="0x00" ttl="63" srcport="57182" dstport="443" tcpflags="ACK"
2012:09:28-14:06:51 fw2 ulogd[3416]: id="2012" severity="info" sys="SecureNet" sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" seq="0" initf="eth1" outitf="eth0" dstmac="00:1a:4b:a8:fe:98" srcmac="00:23:7d:32:b4:6c" srcip="10.42.6.21" dstip="205.178.187.13" proto="6" length="1476" tos="0x00" prec="0x00" ttl="63" srcport="57182" dstport="443" tcpflags="ACK"
2012:09:28-14:07:27 fw2 ulogd[3416]: id="2012" severity="info" sys="SecureNet" sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" seq="0" initf="eth1" outitf="eth0" dstmac="00:1a:4b:a8:fe:98" srcmac="00:23:7d:32:b4:6c" srcip="10.42.6.21" dstip="205.178.187.13" proto="6" length="1476" tos="0x00" prec="0x00" ttl="63" srcport="57182" dstport="443" tcpflags="ACK"
2012:09:28-14:08:38 fw2 ulogd[3416]: id="2012" severity="info" sys="SecureNet" sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" seq="0" initf="eth1" outitf="eth0" dstmac="00:1a:4b:a8:fe:98" srcmac="00:23:7d:32:b4:6c" srcip="10.42.6.21" dstip="205.178.187.13" proto="6" length="1476" tos="0x00" prec="0x00" ttl="63" srcport="57182" dstport="443" tcpflags="ACK"
2012:09:28-14:10:38 fw2 ulogd[3416]: id="2012" severity="info" sys="SecureNet" sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" seq="0" initf="eth1" outitf="eth0" dstmac="00:1a:4b:a8:fe:98" srcmac="00:23:7d:32:b4:6c" srcip="10.42.6.21" dstip="205.178.187.13" proto="6" length="1476" tos="0x00" prec="0x00" ttl="63" srcport="57182" dstport="443" tcpflags="ACK"
2012:09:28-14:12:38 fw2 ulogd[3416]: id="2012" severity="info" sys="SecureNet" sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" seq="0" initf="eth1" outitf="eth0" dstmac="00:1a:4b:a8:fe:98" srcmac="00:23:7d:32:b4:6c" srcip="10.42.6.21" dstip="205.178.187.13" proto="6" length="1476" tos="0x00" prec="0x00" ttl="63" srcport="57182" dstport="443" tcpflags="ACK"
2012:09:28-14:14:38 fw2 ulogd[3416]: id="2012" severity="info" sys="SecureNet" sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" seq="0" initf="eth1" outitf="eth0" dstmac="00:1a:4b:a8:fe:98" srcmac="00:23:7d:32:b4:6c" srcip="10.42.6.21" dstip="205.178.187.13" proto="6" length="1476" tos="0x00" prec="0x00" ttl="63" srcport="57182" dstport="443" tcpflags="ACK"
2012:09:28-14:16:08 fw2 ulogd[3416]: id="2012" severity="info" sys="SecureNet" sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" seq="0" initf="eth1" outitf="eth0" dstmac="00:1a:4b:a8:fe:98" srcmac="00:23:7d:32:b4:6c" srcip="10.42.6.21" dstip="205.178.187.13" proto="6" length="89" tos="0x00" prec="0x00" ttl="63" srcport="57182" dstport="443" tcpflags="ACK PSH FIN"
10.42.6.21 is a Squid proxy, fwiw.
I've tried both IE8 and Firefox 15.
The client PC is WinXP SP3, and the Squid Proxy is on Linux (CentOS 5.8).
Thanks,
Barry
This thread was automatically locked due to age.
