Re: [FW-1] MTU

[Crist Clark <crist.clark@FW1-NOSPAMGLOBALSTAR.COM>]

"Ramdas, Venkata (MED, TCS)" wrote:
>
> we are using NG FP3. Users are able to ping and able to telnet on port 80.
> but not able to receive the  webpage.

I wouldn't expect this to be a problem at the firewall. AFAIK, FW-1 can
deal with fragmented datagrams just fine. Sniff the tunnel outside of your
firewall. Then telnet to 80/tcp on the remote server. You should see the
two way traffic of the connection setup. Enter your HTTP request. You
should see it go out. Now, does anything come back? If it nothing comes back,
you can probably say that it is not the firewall causing the problems. It's
something that needs to be fixed on your tunnel end points, or something
else in between the remote server and your firewall is making trouble.

As for setting the MTU, I don't know ISPO, but I do know FreeBSD on which
it is based. Look at the output of ifconfig(8) to see the MTU for an interface.
You can change it by,

  # ifconfig <interface> mtu <value>

Are these Ethernet interfaces? The MTU is gonna be 1500.

> -----Original Message-----
> From: acosta@BR.ODEBRECHT.COM [mailto:acosta@BR.ODEBRECHT.COM]
> Sent: Thursday, August 21, 2003 2:59 AM
> To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
> Subject: Re: [FW-1] MTU
>
> Are you recieving ICMP messages as drop for this traffic at Checkpoint ?
> NG ? Which FP ?
>
> []'S
>
> ------------------------------------
> Antonio Costa
> Odebrecht Engenharia e Construcao
> Infra-Estrutura de Rede e Seguranca
> acosta@br.odebrecht.com
> Tel.: +55-11-3443-9813
> Fax.: +55-11-3443-9618
>
> ----- Original Message -----
> From: "v.r" <ramdas_firewall@YAHOO.CO.IN>
> Date: Thursday, August 21, 2003 6:17 am
> Subject: [FW-1] MTU
>
> > Hello,
> >
> > We have a site to Site VPN between our sites built
> > bweteen CISCO VPN concentrators. Checkpoint firewall
> > is transparently sitting between them.
> >
> > The users on one side are able to ping the server on
> > the other end. And also able to open conncetions on
> > the other end. But they are not able to get the
> > webpages from the server.
> >
> > when we enquired, it has been found out that the mtu
> > settings on the router is 1440.
> >
> > will there be any settings of MTU in checkpoint on
> > NOKIA IPSO?
> >
> > and also is there any conflict of HTTP exists with MTU
> > change?
> >
> > could you please help
> >
> > Thanks
> > v.r
> >
> > ________________________________________________________________________
> > Yahoo! India Promos: Win TVs, Bikes, DVD players & more!
> > Go to http://in.promos.yahoo.com
> >
> > =================================================
> > To set vacation, Out-Of-Office, or away messages,
> > send an email to LISTSERV@amadeus.us.checkpoint.com
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > fw-1-owner@ts.checkpoint.com
> > =================================================
> >
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV@amadeus.us.checkpoint.com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner@ts.checkpoint.com
> =================================================
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV@amadeus.us.checkpoint.com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner@ts.checkpoint.com
> =================================================


--
Crist J. Clark                               crist.clark@globalstar.com
Globalstar CommunicationsThe information contained in this e-mail message is confidential,
intended only for the use of the individual or entity named above.
If the reader of this e-mail is not the intended recipient, or the
employee or agent responsible to deliver it to the intended recipient,
you are hereby notified that any review, dissemination, distribution or
copying of this communication is strictly prohibited.  If you have
received this e-mail in error, please contact postmaster@globalstar.com

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner@ts.checkpoint.com
=================================================