NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] To: [email protected]



[ Do you think the network cards can't handle all the traffic that goes
through the FW?]
I doubt thats the case... If you have the capability, replace those cards
and get layers 1&2 out of the way before you rip the firewall to shreds...


Thomas Poole

-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Friday, September 22, 2000 1:43 PM
Cc: [email protected]
Subject: [FW1] To: [email protected]


I set fullduplex mode in the ethernet ports of the switch and the ones in
the firewall. The problem remains.

The PCs get timeouts some times. 

The strange thing is that I don't get anything in the firewall log and the
ping from the FW1 to the switch NEVER gets timeouts.

Do you think the network cards can't handle all the traffic that goes
through the FW?

Thanks.





-----Original Message-----
From: Ilya Akinfiev [mailto:[email protected]]
Sent: Viernes, 22 de Septiembre de 2000 11:02 a.m.
To: [email protected]
Subject: RE: [FW1] Strange TCP Timeout problem


double check duplex and speed settings btw the fw and switches, and if you
can, force both the fw and switches'ports to a setting - do not autoneg..

hth

ilya

-----Original Message-----
From: [email protected]
[mailto:[email protected]]On Behalf Of
[email protected]
Sent: Friday, September 22, 2000 2:50 AM
To: [email protected]
Subject: RE: [FW1] Strange TCP Timeout problem
Importance: High


Hi,

I have a similar problem with the FW1 in my LAN.
The telnet sessions are disconnected (usually every 5, 10, 15 min)

My scenario is different:
a) Firewall 4.1 SP2 (NT server box with SP6).
b) Physical connection:

PC----Switch L4-------FW1-----Switch L2-----Server.

c) I'm using static NAT to enable access to the Server from the PC (Any
services).
d) I did set the Firewall TCP/UDP timeouts to max. values.
e) Continuos ping to the FW1 works fine but after some time gets timeouts
and after ther replies again.
f) Continuos ping from the PC to the Switch-L4 never gets timeouts.
g) Continuos ping from the FW to the Switch-L4 never gets timeouts
h) I disabled the FW1, interconnecting both switches and changing the PC's
IP address to the same Server's network. That way it works perfect.

The timeouts only happens when I use the firewall.
Do you think the problem could be the ethernet cards?
Thanks.

Best regards.

Alex





-----Original Message-----
From: [email protected]
[mailto:[email protected]]On Behalf Of Thaps
Matsabu
Sent: Viernes, 22 de Septiembre de 2000 02:28 a.m.
To: 'Christo Van Jaarsveld'; [email protected]
Subject: RE: [FW1] Strange TCP Timeout problem


Remeber your firewall waits a certain period for a response if it does not
get a response during that time it resets the connection. This is normal
behavior to prevent spoof attacks. you are more concerned about timeouts you
can increase this value if it still doesn't help dsisable spoofing, but then
you will be at risk.

Regards,

-----Original Message-----
From: [email protected]
[mailto:[email protected]]On Behalf Of Christo
Van Jaarsveld
Sent: 21 September 2000 09:04
To: '[email protected]'
Subject: [FW1] Strange TCP Timeout problem


Hi

I am busy figuring out a strange TCP timeout problem. Here's the scenario: A
client machine (Unix) communicates via Internet to another machine pulling a
list of +/- 1Mb files accross. In theory it's working fine - the client
makes the connection and the file transfer starts. Then at random time
(usually 1 to 3 minutes) the session aborts because of a timeout. I am
suspecting a networking problem along the route, but you never know.

Anyone out there that thinks it could be the firewall thats causing this?
It's a Fw-1 4.0 (build 4031) on an Intel box. Internet is a 256K line. If
so, any upgrades, patches amd so on that will be needed?

Thanks

Christo


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents � 2003 Network Presence, LLC. All rights reserved.