Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] slow initial connection

Subject: Re: [FW1] slow initial connection
From: Bill Husler <[email protected]>
Date: Tue, 31 Oct 2000 09:02:59 -0800
Cc: [email protected]
References: <[email protected]> <[email protected]>
Reply-to: [email protected]
Sender: [email protected]

Maybe I should just be quiet and listen - I was so fixated on the other discussion
(where the firewall is the endpoint), I missed that these were connections through
and not to the firewall.
Bill

cryptotech wrote:

> In the telnet process, the remote box will usually attempt to send an IDENT packet
> back to the sender.  As this will appear to the firewall as an unsolicited IDENT
> query, it will be dropped.  You can validate this by 1) looking in the log viewer
> for entries on the cleanup rule, 2) create a rule that says any externalnat-ip any
> drop.
>
> You should see the incoming ident package being dropped.
>
> Of course part of the problem is the DNS that the others have spoken of.
>
> BTW, you can deal with this problem if you create a rule that says any
> externalnat-ip ident reject.
>
> Cheers,
>
> [email protected] wrote:
>
> > Here's a problem that I've been wrestling with for the past three months.
> > When making an outbound TELNET or FTP connection, the client connects
> > immediately but doesn't receive a logon prompt till about 60 seconds
> > afterwards.  At that point the users can login and everthing functions
> > properly.
> >
> > Any ideas?
> >
> > Damir Matanic
> > Chicago
> > >
> >
> > ================================================================================
> >      To unsubscribe from this mailing list, please see the instructions at
> >                http://www.checkpoint.com/services/mailing.html
> > ================================================================================
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================





================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- [FW1] slow initial connection
  - From: [email protected]
- Re: [FW1] slow initial connection
  - From: cryptotech <[email protected]>

Prev by Date: RE: [FW1] Installing FW-1 on Linux
Next by Date: [FW1] SecureRemote on Windows ME?
Previous by thread: Re: [FW1] slow initial connection
Next by thread: Re: [FW1] slow initial connection
Index(es):
- Date
- Thread