Solaris Common Messages and Troubleshooting Guide

fwskip_parse_headers: invalid peer n


In Firewall-1, the connections encrypted with SKIP are dropped at certain times, specifically near the top of the hour. For example, connections will be dropped from 10:55 to 11:15, then continue working normally until 11:55. These error messages appear on the console in pairs:

fwskip_parse_headers: invalid peer n 
fw_skip_decrypt: cannot parse headers

These error messages refer to the n counter, which is the absolute number of hours in GMT. It is included in the SKIP calculations as a safeguard against a playback attack. If the two hosts or firewalls exchanging encrypted packets are not in sync with respect to GMT, they have different n counters and these errors appear.


Keep the clocks on the encrypting hosts within one hour of each other, measured in GMT.
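
The following shell sketch is an added example, not Firewall-1 or SKIP code. It shows why a clock offset between two peers produces a drop window around the top of each hour. It assumes n is counted in whole hours from the Unix epoch and that packets fail whenever the two n counters differ. The function names, the start time and the clock offsets are constructed for illustration.

```shell
#!/bin/sh
# Assumption: n is modelled as whole hours since the Unix epoch. The page
# only states that n is the absolute number of hours in GMT.

# n_counter EPOCH_SECONDS -> hour counter for that clock reading
n_counter() { echo $(( $1 / 3600 )); }

# hhmm EPOCH_SECONDS -> HH:MM (GMT time of day)
hhmm() { printf '%02d:%02d' $(( $1 % 86400 / 3600 )) $(( $1 % 3600 / 60 )); }

# mismatch_window START A_OFF B_OFF
#   START  true GMT time to begin at, in epoch seconds
#   A_OFF  seconds host A's clock is ahead (+) or behind (-) true GMT
#   B_OFF  the same for host B
# Walks two hours of true time in one-minute steps. Prints "HH:MM HH:MM":
# the first minute the two n counters differ and the first minute they
# agree again. Prints "none" if they never differ.
mismatch_window() {
    start=$1 a_off=$2 b_off=$3
    t=$start first= last=
    while [ "$t" -lt $(( start + 7200 )) ]; do
        na=$(n_counter $(( t + a_off )))
        nb=$(n_counter $(( t + b_off )))
        if [ "$na" -ne "$nb" ]; then
            [ -n "$first" ] || first=$t
        elif [ -n "$first" ]; then
            last=$t
            break
        fi
        t=$(( t + 60 ))
    done
    if [ -z "$first" ]; then
        echo none
        return
    fi
    echo "$(hhmm "$first") $(hhmm "${last:-$t}")"
}

# Constructed case: start at 10:30 GMT (37800 s into the day), host A is
# 5 minutes fast, host B is 15 minutes slow.
mismatch_window 37800 300 -900
```

With these constructed offsets the counters disagree from 10:55 until 11:15, the same shape as the outage described above, and the window repeats every hour until the clocks are brought back into sync.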