[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] RE: maintaining the state for citrix ?
Appling a policy to the firewall will reset (drop from the state table) authenticated, encrypted, *AND* services that use custom inspect scripts (when you define a service as 'other'.) So if you use the Citrix protocol specific inspect script, those connections will have to be re-established when the firewall is reloaded. If, on the other hand, you simply create an object called TCP-1494 and use that service object instead of the ?citrix one, it should work fine through fw reloads. HTH. Jason At 10:08 AM 2/15/01 +0100, Thomas Nilsen wrote: > >This is what I've been searching for as well. > >But from what I can see on phoneboy, all that is needed on a FW-1 v3.0 or >above, is the new service which you defined with the match/prologue >settings. We are already using this, but we still get a broken connection >when a new policy is pushed... > >Is it a requirement even on v4.x to add the code to base.def? > >Regards, Thomas Nilsen >Kverneland IT > > >-----Original Message----- >From: Steven Zimmerman [mailto:[email protected]] >Sent: Wednesday, February 14, 2001 8:28 PM >To: 'Jason Jin'; [email protected] >Subject: RE: [FW1] RE: maintaining the state for citrix ? > > > >On www.phoneboy.com <http://www.phoneboy.com/> search for Citrix and it >will direct you how to add a statement to a file to keep a citrix session up >during a policy push. > > > >Steven Zimmerman > >CIO > >IR Network Solutions > >> >fax > > > >-----Original Message----- >From: Gibson, Brian [mailto:[email protected]] >Sent: Wednesday, February 14, 2001 2:57 PM >To: 'Jason Jin'; [email protected] >Subject: RE: [FW1] RE: maintaining the state for citrix ? > > > >When you reload the firewall you are essentiallly bouncing the Firewall. > >-----Original Message----- >From: Jason Jin [ mailto:[email protected] <mailto:[email protected]> >] >Sent: Wednesday, February 14, 2001 2:22 PM >To: [email protected] >Subject: [FW1] RE: maintaining the state for citrix ? > > > >Greeting, > >It appeared wherever the firewall policy reload, >the network connection for Citrix got disconnected. >Lance Spitzer's paper on firewall state table >mentioned that Authenticated and encrypted session >will get lost when you bounce the firewall. But how >about just re-load/re-install the policy, is that >supposed to get disconnected as well? Is this >a Citrix timeout issue? > >I don't like Citrix passing the firewall, but I >lost to the management for "business necessity." > >Any help or pointer to the relevent info. is >much appreciated. Please help. > >TIA, > >Jason > > > > >============================================================================ >==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html ><http://www.checkpoint.com/services/mailing.html> >============================================================================ >==== > > > >=========================================================================== ===== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html >=========================================================================== ===== > > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|