Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] FireWall-1 and Citrix problem.

To: "'[email protected]'" <[email protected]>
Subject: RE: [FW1] FireWall-1 and Citrix problem.
From: "Grey, Stewart" <[email protected]>
Date: Wed, 13 Sep 2000 08:46:50 -0500
Sender: [email protected]

We had a similar problem. Read the following article and perform the reg
change.  This worked for me and solved the problems.

Improving Performance over the Internet or Wan Link 
(Document ID -- CTX757449)
Last modified on: Thu Aug 03 15:45:06 2000 

Modify the default behavior of the TCP/IP protocol so that your server is
more accepting of inconsistent WAN links. 

TCP/IP uses the initial packet round-trip time at the moment when the
session is initiated to determine what is "normal" for that connection.
Because of this, it is better to have a consistently slow WAN connection and
worse to have a connection that starts out fast and then becomes slow. Such
an erosion of connection speed is common when connecting through an Internet
Service Provider (ISP), particularly when the connection is opened in the
morning and maintained into the work day.

To accommodate for this erosion of bandwidth, add a value to the
TcpMaxDataRetransmissions subkey on the Cirix server under the following
registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\
TcpMaxDataRetransmissions = 10

If the value does not exist, highlight PARAMETERS, go to Edit and select add
value. Choose REG_ DWORD format.

TCP starts a retransmission timer when each outbound segment is handed down
to IP. If no acknowledgment is received for the data in a given segment
before the timer expires, the segment is retransmitted, up to the
TcpMaxDataRetransmissions times. The default value for this parameter is 5.

The retransmission timer is initialized to 3 seconds when a TCP connection
is established; however, it is adjusted "on the fly" to match the
characteristics of the connection using Smoothed Round Trip Time (SRTT)
calculations as described in RFC793. The timer for a given segment is
doubled after each retransmission of that segment.

Using this algorithm, TCP tunes itself to the "normal" delay of a
connection. Because the default number of retries is five, the round-trip
time can double four times (or in other words become 16X slower than its
initial value) before the session is dropped. By increasing this number to
10, you are allowing the round-trip time to double nine times instead of
four, thereby allowing the connection quality to erode up to 512X its
original value before being dropped. For example, a connection that begins
with a roundtrip time of 20 milliseconds would have to erode to a round-trip
time of 10,240 milliseconds before being dropped by the server

-----Original Message-----
From: Lawrence Mackley [mailto:[email protected]]
Sent: Wednesday, September 13, 2000 9:30 AM
To: Dwyer, Conan; '[email protected]'
Subject: Re: [FW1] FireWall-1 and Citrix problem.

If you are doing NAT set up an alternate address on
the Citrix server.

Larry

--- "Dwyer, Conan" <[email protected]> wrote:
> 
> Hello.
> 
> I hope somebody can help.
> 
> How can I get Citrix MetaFrame Published
> Applications working through the
> FireWall-1? I have a rule that allows users to see
> the Citrix Metaframe
> Desktop and that works fine. But has anyone used
> Citrix Published
> Applications through the Firewall and how can you do
> it.
> 
> Thank You
> 
> 
> 
>
---------------------------------------------------------------------------
> The contents of this email do not give rise to any
> binding
> legal obligation upon Halcrow Group Limited unless
> subsequently
> confirmed on headed business notepaper sent by fax,
> letter or as 
> an e-mail attachment. If you receive this email in
> error, please
> contact the sender and delete the message. Thank
> you.
>
---------------------------------------------------------------------------
> 
> 
>
============================================================================
====
>      To unsubscribe from this mailing list, please
> see the instructions at
>               
> http://www.checkpoint.com/services/mailing.html
>
============================================================================
====

__________________________________________________
Do You Yahoo!?
Yahoo! Mail - Free email you can access from anywhere!
http://mail.yahoo.com/

============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====

================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: Re: [FW1] "FW-1: Warning: modify for a new entry:" ...
Next by Date: RE: [FW1] Tracks Napster
Previous by thread: Re: [FW1] FireWall-1 and Citrix problem.
Next by thread: RE: [FW1] FireWall-1 and Citrix problem.
Index(es):
- Date
- Thread