Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass the directionality check via fragmented TCP connection requests or reopening closed TCP connection requests, aka "One-way Connection Enforcement Bypass."
https://exchange.xforce.ibmcloud.com/vulnerabilities/5468
http://www.checkpoint.com/techsupport/alerts/list_vun.html#One-way_Connection