
[FW1] FW-1 SP2 (reloading policy and connection table)



Hello All,

As many of you have migrated to FW-1 SP2, correct me if I am wrong here.

-> Whenever you run fwstop;fwstart, FW-1 flushes its connection table, and as a default behavior it won't allow established connections anymore (since they are sending NON-SYN packets after the FW-1 restart). And you will see lots of "Unknown established TCP packets".

RESULT: You will lose all valid connections (telnet, ftp, rlogin, any client/server application based on TCP/IP) after the FW-1 restart process.

-> The same thing happens even if you try to reload the security policy from the management GUI. It also flushes the connection table and loses all established connections.

So what that means is, I cannot modify/reload the security policy during the daytime, as I know lots of users will scream at me. If you have a multi-site setup spread all over the globe, then users are busy round-the-clock and again I cannot reload the policy without hurting users.

IS THERE ANY EASY SOLUTION TO THIS in FW-1 SP2?

(I want to keep this feature of rejecting "Unknown TCP Packets" (if they are really unknown) but also do not want to lose my valid established connections.)

Yes! I want to have my own cake and eat it too!!

Thanks!!

Rajeev



-- 
********************************************************************
	Rajeev Kumar ([email protected])
		http://www.rajeevnet.com
********************************************************************

