Welcome to ISAserver.org

TCP_NOT_SYN_PACKET_DROPPED

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA 2006 Firewall] >> General >> TCP_NOT_SYN_PACKET_DROPPED

Page: [1]

Message

<< Older Topic Newer Topic >>

TCP_NOT_SYN_PACKET_DROPPED - 12.Jun.2008 2:30:02 PM

paulo.oliveira

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline

Hello all,

I have the following scenario: my internal users need to access an pop3/smtp server to send and receive e-mails. I have a rule allowing pop3/smtp from internal to external. Sometimes they can�t send e-mail and ISA logs the following message: 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED.
I was capturing those packets and some of them appears the following message: This frame is a (suspected) retransmission.

Anybody have any ideas what it could be?
Is there anyway to disable this ISA functionallity?

Thanks in advance.

Post #: 1

Featured Links*

RE: TCP_NOT_SYN_PACKET_DROPPED - 17.Jun.2008 7:55:39 AM

tshinder

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi Paulo,

Sending mail is SMTP. Is that where the problem is?

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to paulo.oliveira)

Post #: 2

RE: TCP_NOT_SYN_PACKET_DROPPED - 17.Jun.2008 10:09:29 AM

paulo.oliveira

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline

Hi Tom,

I know that. But, like I said, they need to send and receive e-mails, that�s why I need to allow pop and smtp.

The problem usally happens when they are sending e-mails (SMTP). Do have any idea what�s going on, based on the log messages?

Do you want more info? Just ask.

Thanks for help.
Paulo Oliveira.

(in reply to tshinder)

Post #: 3

RE: TCP_NOT_SYN_PACKET_DROPPED - 18.Jun.2008 10:58:01 AM

tshinder

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi Paulo,

It could those users have an email worm, and hitting your connection limits.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to paulo.oliveira)

Post #: 4

RE: TCP_NOT_SYN_PACKET_DROPPED - 18.Jun.2008 11:46:28 AM

paulo.oliveira

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline

Hi Tom,

I think this is not the problem. Cause we tried with a clean machine and we still got the problem.

One more detail (don�t know if it matters), our bandwidth usage is 97% the most of the time. Is this maybe have some influence?

Regards,
Paulo Oliveira.

(in reply to tshinder)

Post #: 5

RE: TCP_NOT_SYN_PACKET_DROPPED - 18.Jun.2008 12:16:55 PM

tshinder

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi Paulo,

Yes! That certainly could be the problem. If it's hanging around 97% most of the time, there are going to be a good percentage of times that it's at 100% and some connections are going to be dropped.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to paulo.oliveira)

Post #: 6

RE: TCP_NOT_SYN_PACKET_DROPPED - 18.Jun.2008 2:13:03 PM

paulo.oliveira

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline

Hi Tom,

I was thinking about that too. And only for test I disabled the anti-spoofing feature for a couple of days and even with the link at 97% most of the time, we could experience a good improvement in sending e-mail.

What do you think about that?

Regards,
Paulo Oliveira.

(in reply to tshinder)

Post #: 7

RE: TCP_NOT_SYN_PACKET_DROPPED - 18.Jun.2008 4:29:40 PM

jmilito

Posts: 321
Joined: 10.Oct.2006
From: MICHIGAN, US
Status: offline

Just a little note... I would also try to see if you can figure out what that traffic is to see if there is anything you can get rid of...expecially if it is malicious. GFI Webmonitor would help with controlling malicious traffic as well as some of the liesure sites during business hours. You might try FairShare for ISA or a third-party packet-shaping appliance as well. Just thoughts of course.

(in reply to paulo.oliveira)

Post #: 8

RE: TCP_NOT_SYN_PACKET_DROPPED - 22.Jun.2008 11:01:37 AM