Re: [FW1] ssh connections lost
corne:

If and whenever you get any clues please let me know as we are experiencing the same problems here. I would suspect that once the connection is opened and entered into the state table that CheckPoint never resets the TCP session counters from that point on, meaning that if you have the default value set for established TCP connections to be 3600 seconds (1 hour), after the one hour is up the connection is removed from the state table (even if there is activity on the connection).

You also did not mention what version of CheckPoint you are running, but from the scenario that you described I would imagine that you are running v4.1 SP2 or later. There are also several FAQs on phoneboy's site that I think will help you understand the "new" functionality of 4.1 SPx in regards to TCP session timeouts. You can just do a search on TCP session timeouts and it should bring up several of them. Or you can enter the "reason" message that you are seeing in your logs.

Not that this helps much but..... :)

From: "corne" <corne@ddsecurity.co.za>
Date: 02/06/2001 04:12 AM
To: [email protected]
cc: (bcc: James E Clukey/Rush/RSH)
Subject: [FW1] ssh connections lost

Hi folks

I have a situation where ssh connections from inside the fw die some arbitrary time after they were started. Doing a sniff on the network (both sides of the fw) reveals the following: packets happily flow from the client to the server. At some stage the client sends another packet, at which point the server doesn't respond. This is the stage where the ssh connection is now dead. The client now sends a bunch of retransmits, thinking that the session is still up.
After the session drops, I see dropped packets in the fw log, with the error "unknown established tcp packet". This would indicate that the fw no longer has an entry in its state table for that connection. But why would the connection disappear from the table? From a network sniff, there is no indication that a reset or fin is sent, or anything like that. It seems as if the fw is arbitrarily removing that connection.

Any ideas?

Regards
Corne van Dyk
Dimension Data: Network security engineer
Tel: +27 21 659 2540
Fax: +27 21 659 2101
Helpdesk: +27 21 659 2112

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
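The mechanism the two messages are circling, as an added example that is not part of the original thread and is not Check Point's code: a small model of a stateful firewall's TCP state table with a configurable established-connection timeout. The `StateTable` class, its `refresh_on_activity` switch and the ssh packet trace are constructed for illustration; the 3600-second value is the default timeout James mentions. Running the constructed trace through the model shows the two behaviours being contrasted. With the timer refreshed on every packet the session survives indefinitely. With the timer fixed at connection setup (James's hypothesis) the entry silently ages out at the hour mark, the next client packet and its retransmits are dropped as "unknown established tcp packet", and no FIN or RST ever appears on the wire, which matches what Corne's sniff showed.

```python
"""Model of a stateful firewall's TCP state table.

Written for this page to illustrate the symptom in the thread; it is not
Check Point code. The class names, the refresh_on_activity switch and the
packet trace are constructed for the example."""
from dataclasses import dataclass

ESTABLISHED_TIMEOUT = 3600  # default established-TCP timeout (seconds) cited in the thread


@dataclass(frozen=True)
class Packet:
    t: float      # seconds since the start of the (constructed) capture
    src: str
    sport: int
    dst: str
    dport: int
    flags: str    # any of "S" (SYN), "A" (ACK), "F" (FIN), "R" (RST)


@dataclass
class Entry:
    created: float
    expires: float


class StateTable:
    def __init__(self, timeout=ESTABLISHED_TIMEOUT, refresh_on_activity=True):
        self.timeout = timeout
        self.refresh = refresh_on_activity
        self.table = {}   # canonical 4-tuple -> Entry
        self.log = []     # (t, verdict, reason) for every packet seen

    @staticmethod
    def key(p):
        # One key for both directions of the connection.
        a, b = (p.src, p.sport), (p.dst, p.dport)
        return (a, b) if a <= b else (b, a)

    def _expire(self, now):
        # Entries age out silently: the firewall sends no FIN or RST to
        # either end, so a sniff on both sides shows nothing at this point.
        for k in [k for k, e in self.table.items() if e.expires <= now]:
            del self.table[k]

    def process(self, p):
        self._expire(p.t)
        k = self.key(p)
        if "S" in p.flags and "A" not in p.flags:
            # New connection. A real firewall consults the rulebase here;
            # the model assumes the ssh rule accepts it.
            self.table[k] = Entry(created=p.t, expires=p.t + self.timeout)
            return self._verdict(p, "accept", "new connection")
        e = self.table.get(k)
        if e is None:
            # ACK/data with no state entry: the drop Corne sees in the log.
            return self._verdict(p, "drop", "unknown established tcp packet")
        if "F" in p.flags or "R" in p.flags:
            del self.table[k]
            return self._verdict(p, "accept", "connection closed")
        if self.refresh:
            e.expires = p.t + self.timeout   # activity extends the entry's life
        return self._verdict(p, "accept", "established")

    def _verdict(self, p, verdict, reason):
        self.log.append((p.t, verdict, reason))
        return verdict, reason


# Constructed ssh session: client 10.1.1.5 inside the firewall to server 192.0.2.10:22.
C, S = ("10.1.1.5", 1023), ("192.0.2.10", 22)


def pkt(t, a, b, flags):
    return Packet(t, a[0], a[1], b[0], b[1], flags)


TRACE = [pkt(0.0, C, S, "S"), pkt(0.05, S, C, "SA"), pkt(0.10, C, S, "A")]
for _t in (600, 1500, 2400, 3300):            # keystrokes and echoes well inside the hour
    TRACE += [pkt(_t, C, S, "A"), pkt(_t + 0.02, S, C, "A")]
TRACE += [pkt(3650, C, S, "A"),               # first keystroke after the hour mark ...
          pkt(3651, C, S, "A"), pkt(3653, C, S, "A"), pkt(3657, C, S, "A")]  # ... and its retransmits


def run_trace(refresh_on_activity, trace=TRACE, timeout=ESTABLISHED_TIMEOUT):
    """Run the trace through the model and summarise accepted/dropped packets."""
    fw = StateTable(timeout=timeout, refresh_on_activity=refresh_on_activity)
    accepted, dropped = 0, []
    for p in trace:
        verdict, reason = fw.process(p)
        if verdict == "accept":
            accepted += 1
        else:
            dropped.append((p.t, reason))
    return {"accepted": accepted, "dropped": dropped}


if __name__ == "__main__":
    for refresh in (True, False):
        r = run_trace(refresh_on_activity=refresh)
        print(f"refresh_on_activity={refresh}: accepted={r['accepted']}, dropped={r['dropped']}")
```

To test the hypothesis against a real firewall rather than the model, compare the timestamp of the accept entry for a connection with its first "unknown established tcp packet" drop for the same source, destination and port pair. Connection ages that cluster at the configured timeout regardless of how busy the session was point at a timer fixed at setup; ages that vary with how long the session sat idle point at an idle timeout instead.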