RE: FWX_E_TCP_NO_SYN_PACKET_DROPPED on SMTP Connections & HTTP
From: Chris (Chris_at_discussions.microsoft.com)
Date: 01/23/05
- Previous message: T.Mohamed: "Re: ISA 2004 as a H.323 gatekeeper"
- In reply to: GRhys: "RE: FWX_E_TCP_NO_SYN_PACKET_DROPPED on SMTP Connections & HTTP"
- Messages sorted by: [ date ] [ thread ]
Date: Sun, 23 Jan 2005 06:53:01 -0800
I am running standard Symantec Client on the ISA Server. I am running
Symantec for SMTP on my intermediate server and Symantec for Exchange on
Exchange. The SMTP traffic related to the lost emails stops at the ISA server
and never makes it to my intermediate SMTP scan.
"GRhys" wrote:
> Chris,
> I built a second ISA identical to the first, but with no W2K or ISA patches
> added. I also didn't install the SurfControl for Web on ISA and McAfee AV for
> SurfControl which is running on the live server - I'd already switched them
> off but wanted to check the problem against code level. When I swapped it
> inline instead of the live server, I still got the error messages on the
> replacement baseline build ISA Server, so concluded it's not down to the
> additions.
>
> The only reduction in errors occurred when I stopped the AV scan on the
> external SGS 5400 Appliance Firewall, and then the majority of emails got
> through, BUT I still got the errors. I have support calls raised with MS &
> Symantec, and will report here. This is crushing the customer's email
> dependency and I need to resolve ASAP.
> I had thought there might be problems on the internal network (it's running
> sluggish) that were delaying the response packets, as the NO_SYN_DROPPED is
> mostly on the internal interface (response packets to inbound email sessions).
> I have a Network Monitor trace taken on the ISA (internal & external I/F) to
> plough through today.
> Gareth
>
> PS. Is your product Symantec for ISA, standalone Symantec G/W, or an
> appliance ?
>
> "Chris" wrote:
>
> > I am having a similar problem. Many emails are not getting through to my
> > Symantec for SMTP gateway. Looking at the ISA logs, it is dropping random
> > smtp packets for some reason. I am running W2K3 and ISA 2004 with all updates
> > also. This is really a big problem.
> >
> > "GRhys" wrote:
> >
> > > The above has started occurring on our ISA Server 2004 with latest updates on
> > > SMTP and HTTP packets. SMTP email is being corrupted and is not getting
> > > through reliably to the internal MS Exchange server (NOT published by ISA,
> > > Static NAT is on external Symantec SGS5400 E3 Firewall)
> > >
> > > MSX Cluster --- PIX --- ISA -- SGS --- ISP Router --- The Internet
> > >
> > > ISA is acting as inline proxy for HTTP, and pass through without NAT for SMTP.
> > > E3 SGS 5400 is outer firewall.
> > > E3 PIX 515 is inner firewall (had to previously switch off SMTP fixup).
> > >
> > > I get the session Denied message in the log, and after adding columns and
> > > expanding the display on ISA Management saw the
> > > FWX_E_TCP_NOT_SYN_PACKET_DROPPED on the end of the line. I understand that
> > > ISA doesn't see the SYN in the TCP packet it thinks is starting a connection,
> > > but this is an anomaly - SYN will be sent when connections established. I
> > > have NETMON on the ISA Server, and will be taking a trace. I suspect ISA may
> > > be dropping current session state information, and thus sees follow on
> > > packets (both inbound and outbound) as SYN problems. Is this a bug !! ?
> > >
> > > Any comments on similar experiences appreciated - is it caused by the
> > > addition of a new W2K3 / ISA patch, or recently we added SurfControl for Web
> > > with McAfee AV. Undoing would be major embarrassment - IT'S SUPPOSED TO WORK.
> > >
> > > Thanks
> > > GRhys (UK)
> > > --
> > > Gareth Rhys MCSE RSACE NSA
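
The hypothesis discussed in this thread (session state lost or expired, so later packets look like connection starts without SYN) can be reproduced with a generic stateful-filter model. This is an added example, not code from the posters or from ISA Server; the class, the `DROP_NOT_SYN` label, the timeout values and the sample packets are all constructed assumptions.

```python
from collections import namedtuple

SYN, ACK = 0x02, 0x10  # TCP flag bits
Packet = namedtuple("Packet", "ts src sport dst dport flags")

class StatefulFilter:
    """Generic stateful TCP filter model (an assumption, not ISA Server's code)."""

    def __init__(self, idle_timeout):
        self.idle_timeout = idle_timeout
        self.sessions = {}  # direction-independent 4-tuple -> time last seen

    def process(self, p):
        key = tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))
        last = self.sessions.get(key)
        if last is not None and p.ts - last > self.idle_timeout:
            del self.sessions[key]  # session state aged out
            last = None
        if last is None:
            # No state for this flow: only a bare SYN may open a session.
            if p.flags & SYN and not p.flags & ACK:
                self.sessions[key] = p.ts
                return "ALLOW_NEW"
            return "DROP_NOT_SYN"  # constructed label for this model
        self.sessions[key] = p.ts
        return "ALLOW"

def replay(packets, idle_timeout=60):
    """Run packets through a fresh filter and return one verdict per packet."""
    fw = StatefulFilter(idle_timeout)
    return [fw.process(p) for p in packets]

# Constructed sample traffic (documentation addresses, not from the thread).
CLIENT, MX = "198.51.100.7", "192.0.2.25"
STATE_LOST = [
    Packet(0.0, CLIENT, 40000, MX, 25, SYN),
    Packet(0.1, MX, 25, CLIENT, 40000, SYN | ACK),
    Packet(0.2, CLIENT, 40000, MX, 25, ACK),
    Packet(200.0, MX, 25, CLIENT, 40000, ACK),  # delayed reply, state expired
]
# The filter holds no state for this flow; only a reply packet arrives.
RESPONSE_ONLY = [Packet(0.0, MX, 25, CLIENT, 40001, SYN | ACK)]

if __name__ == "__main__":
    print(replay(STATE_LOST))
    print(replay(RESPONSE_ONLY))
```

Comparing the drop timestamps in a capture against the gap since the last packet of the same 4-tuple shows whether the drops line up with idle expiry or happen on sessions that were still active.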