Firebird palo alto problem

23 views
Skip to first unread message

Attila Bolvári

unread,
Jul 2, 2026, 4:08:53 AM (yesterday) Jul 2
to firebird-support
Dear All!

Im new both is firebird and palo alto :)
We have a pms application what uses firebird 4.0.5 now, and a palo alto what was choosen not by us :D 
So the problem is, we randomly get on the clients an error write data to the connection error, it looks like the connection lost somehow, but in the logs there are no sign of this.
So i was wondering in the palo there are millions of options, and i think its so smart, its drops the connections what is to long has no activity or something like this.
On 3050 i dont see any issue, but on 3051 what was set up by the application developer i see a lot of aged out packets, rst tcp server and client both. 
Can this be the problem, or firebird has some palo alto related weird problem?
Thank you for the help!

Attila

Mark Rotteveel

unread,
Jul 2, 2026, 4:12:02 AM (yesterday) Jul 2
to firebird...@googlegroups.com
What is a palo alto? The only Palo Alto I know, is a city in the United
States.

Mark
--
Mark Rotteveel

Dimitry Sibiryakov

unread,
Jul 2, 2026, 4:18:54 AM (yesterday) Jul 2
to firebird...@googlegroups.com
Attila Bolvári wrote 02.07.2026 8:44:
> On 3050 i dont see any issue, but on 3051 what was set up by the application
> developer i see a lot of aged out packets, rst tcp server and client both.

On RST packet pay attention to TTL field. It can help discover source of the
packet.

--
WBR, SD.

Elmar Haneke

unread,
Jul 2, 2026, 4:46:50 AM (yesterday) Jul 2
to firebird...@googlegroups.com


Am 02.07.26 um 08:44 schrieb Attila Bolvári:
On 3050 i dont see any issue, but on 3051 what was set up by the application developer i see a lot of aged out packets, rst tcp server and client both. 


You should check if your PaloAlto-Firewall does have some special treatment for port 3050 implemented. If so the solution might be copying that to port 3051.

Elmar


Dimitry Sibiryakov

unread,
Jul 2, 2026, 4:49:12 AM (yesterday) Jul 2
to firebird...@googlegroups.com
'Elmar Haneke' via firebird-support wrote 02.07.2026 10:46:
> You should check if your PaloAlto-Firewall does have some special treatment for
> port 3050 implemented. If so the solution might be copying that to port 3051.

It is also possible that Firebird instance listening on port 3050 has
different configuration.
For example Firebird setting "DummyPacketInterval" can defeat firewall's idle
connection timeout.

--
WBR, SD.

Attila Bolvári

unread,
Jul 2, 2026, 8:31:46 AM (21 hours ago) Jul 2
to firebird-support
Dear Mark!

Palo alto is a next gen firewall :)

Under firewall logs i didnt see any ttl related data.
I checked the logs, and if i see  this in the logs:
APPSERVER Thu Jul 2 12:48:13 2026
INET/inet_error: read errno = 10054, aux client host = lnb0023, address = 172.16.22.85/54764
I see that on the firewall the packet is got insufficient-data category, and with event tcp rst from server client reason.
But still no clue what happens.

Attila

Dimitry Sibiryakov

unread,
Jul 2, 2026, 8:35:38 AM (21 hours ago) Jul 2
to firebird...@googlegroups.com
Attila Bolvári wrote 02.07.2026 14:12:
> I see that on the firewall the packet is got insufficient-data category, and
> with event tcp rst from server client reason.

Try to look at RST packet itself:
https://www.linkedin.com/posts/jatinder-sharma-97b7211a_tcp-4-way-handshake-completes-but-a-tcp-activity-7414652844739526656-nGc6/

--
WBR, SD.
Reply all
Reply to author
Forward
0 new messages