Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] TCP Session Timeout

To: "Murphy, Paul" <[email protected]>
Subject: Re: [FW1] TCP Session Timeout
From: Rajeev Kumar <[email protected]>
Date: Tue, 17 Oct 2000 17:54:56 +0000
Cc: "'[email protected]'" <[email protected]>
References: <044EDEE3FD99D211AB270010E36016ED060B678E@EXCRSSAMPSON008>
Reply-to: [email protected]
Sender: [email protected]

Only solution in my view is to allow non-sync packets. With FW-1 4.1SP2,
firewall drops any NON-SYNC packets for connections not present in connection
table. For established connections after TCP timeouts (3600 default)
client/server send non-sync packets and thus FW drop these packets. But in order
to allow these packets

Modify $FWDIR/lib/fwui_head.def   (ONLY on MANAGEMENT SERVER)

Uncomment line:

#define ALLOW_NON_SYN_RULEBASE_MATCH

and reload policy.

Although under such circumstances anybody can send non-Syn packets (if rulebase
allows that connection.)

Rajeev


"Murphy, Paul" wrote:
> 
> Hi group.
> 
> So suppose I want a TCP session to be "always on"?   TCP Sessions are timed
> out after the policy property settings; currently 3600 seconds for me.
> 
> I have an application that is so well written that it requires a TCP session
> to be open indefinitely.  Is it possible to remove the time out altogether,
> or even better, is there a way to remove the timeout for a particular rule
> or service?
> 
> Cheers,
> 
> Paul.
> 
> ---------------------------------------------------------------------------------
> This e-mail is intended only for the above addressee. It may contain
> privileged information. If you are not the addressee you must not copy,
> distribute, disclose or use any of the information in it. If you have
> received it in error please delete it and immediately notify the
> sender.
> 
> evolvebank.com is a division of Lloyds TSB Bank plc.
> Lloyds TSB Bank plc, 71 Lombard Street, London EC3P 3BS.  Registered in
> England, number 2065.  Telephone No: 020 7626 1500
> Lloyds TSB Scotland plc, Henry Duncan House, 120 George Street,
> Edinburgh EH2 4LH. Registered in Scotland, number 95237.  Telephone
> No:> 
> Lloyds TSB Bank plc and Lloyds TSB Scotland plc are regulated by the
> Personal Investment Authority and represent only the Scottish Widows
> and Lloyds TSB Marketing Group for life assurance, pensions and
> investment business.
> 
> Members of the UK Banking Ombudsman Scheme and signatories to the UK
> Banking Code.
> ----------------------------------------------------------------------------------
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================

-- 
################################################################## 
     Rajeev  Kumar ([email protected])
        ==> Web:: http://www.rajeevnet.com  <== 
##################################################################


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- [FW1] TCP Session Timeout
  - From: "Murphy, Paul" <[email protected]>

Prev by Date: Re: [FW1] CheckPoint 3.0b media
Next by Date: [FW1] SecuRemote and SecurID Firewall Version 4
Previous by thread: [FW1] TCP Session Timeout
Next by thread: Re: [FW1] TCP Session Timeout
Index(es):
- Date
- Thread