NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Timeout with User Authentication



Chris,
I think your problem has to do with the total retransmit timeout value 
for a TCP connection after it is established.
In the Stevens' book there is a chapter about this topic, at page 298.
The 10 minutes value is also explained there.

I have encountered myself this problem when trying to connect to various
machines via SSH.
Hope this helps a bit.
Cristian




Chris Alterio wrote:
> 
> Hi,
> 
> I  had a rule in my rulebase like this:
> 
> networkA -> networkB  telnet Accept Long
> 
> I chaned it to:
> 
> grpA@networkA -> networkB  telnet  UserAuth  Long
> 
> Now users in grpA have noticed their sessions time out after 10 minutes of
> keyboard inactivity. I checked the User Authentication Session Timeout and
> it is 15 minutes. If I change this value to something less than 10 (like 5),
> the value takes effect and the session is timed out after that span of
> inactivity. But anything over 10 does not seem to work.
> 
> I checked our authentication server (Radius) and there is nothing set to
> explain this occurrence.  I also checked routers and there is no timeout
> specified in them.
> 
> I have read about TCP_TIMEOUT here and in phoneboy and in the CheckPoint
> KnowledgeBase but I don't understand why this is needed unless I want to
> have different timeouts for different services (which is not the case).
> 
> I'd appreciate any ideas or clues anyone might have.
> 
> Thank You,
> Chris.
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents � 2003 Network Presence, LLC. All rights reserved.