AW: [FW1] WWW Timeout
Folks,

I'm not quite sure whether I understand the problem - WWW is stateless, unless I am mistaken. There is no WWW connection to be dropped if the user is idle. Other protocols are different, but that is totally unrelated to FW-1 being stateful.

Stateful primarily means that you don't need back-rules for a connection (as you need with non-stateful packet filters) as the connection is kept in a state table. Being able to drop a connection after some idle time is a side effect. And not always wanted, I might add, see the post of Ben Karlo.

Logging mail is possible as Ed describes. But I'd personally prefer to log mail volume somewhere else than on the firewall, as my logs tend to grow quite quickly.

Cheers,
Joerg

------------------------------------------------------------
Joerg Weber, Systemadministration
JET Online GmbH
Altenkesseler Straße 17 / Geb. B5
66115 Saarbruecken
mailto:[email protected]
http://www.jet-online.de
------------------------------------------------------------

-----Original Message-----
From: Ed Rolison [mailto:[email protected]]
Sent: Friday, 9 March 2001 10:16
To: [email protected]
Subject: Re: [FW1] WWW Timeout

>Hello. I am fairly new to Firewall-1 and I would like to know if I can set
>up a rule that would drop a user's WWW connection if IDLE for more than a
>specified amount of time. If Firewall-1 cannot provide that function is
>anyone using a product such as this?
>
>Additionally, does Checkpoint make a product that can monitor e-mail
>messages? For example, I would like a report of number of e-mails sent and
>to which sites monthly.

This is actually how a stateful firewall works. Checkpoint maintains a connection table of everything incoming and outgoing that it has 'seen'. If it sees a 'close' of connection then it'll expire the connection from the table. It will also time out a connection after a period of time (default is 3600 seconds IIRC). It then gets removed from the state table, and any further packets from this connection will be dropped.

The firewall logs will allow you to check for email numbers and destinations - just check for outbound port 25 connections. Or have a look at your mail logs.

--
Ed Rolison
Systems Admin
ER706-RIPE
[email protected]

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
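
The state-table behaviour discussed in this thread (no back-rules for replies, expiry on close, idle timeout), as an added example that is not part of the original messages and is not FireWall-1 code. The class name, the allowed ports, the single-letter TCP flag strings and the addresses are assumptions made for illustration, and close handling is simplified to a single FIN or RST.

```python
from dataclasses import dataclass, field

IDLE_TIMEOUT = 3600  # seconds; the default quoted from memory in the thread

@dataclass
class StateTable:
    """Toy model of a stateful filter's connection table (hypothetical)."""
    allowed_out_ports: set = field(default_factory=lambda: {80, 25})
    timeout: int = IDLE_TIMEOUT
    conns: dict = field(default_factory=dict)  # flow key -> last-seen time

    @staticmethod
    def _key(src, sport, dst, dport):
        # One key covers both directions of a flow.
        return tuple(sorted([(src, sport), (dst, dport)]))

    def _expire(self, now):
        idle = [k for k, seen in self.conns.items() if now - seen > self.timeout]
        for key in idle:
            del self.conns[key]

    def packet(self, now, src, sport, dst, dport, outbound, flags=""):
        """Return 'accept' or 'drop' for one packet seen at time `now`."""
        self._expire(now)
        key = self._key(src, sport, dst, dport)
        if key in self.conns:
            if "F" in flags or "R" in flags:
                del self.conns[key]      # close seen: expire the entry
            else:
                self.conns[key] = now    # traffic resets the idle timer
            return "accept"
        # No entry: only an outbound SYN matching a rule may create one.
        if outbound and flags == "S" and dport in self.allowed_out_ports:
            self.conns[key] = now
            return "accept"
        return "drop"

def demo():
    fw = StateTable()
    client, server = "10.0.0.5", "192.0.2.10"  # constructed addresses
    return [
        fw.packet(0, client, 40000, server, 80, True, "S"),      # matches rule
        fw.packet(1, server, 80, client, 40000, False, "SA"),    # reply, no back-rule
        fw.packet(2, server, 80, client, 40001, False, "SA"),    # unsolicited
        fw.packet(4000, server, 80, client, 40000, False, "A"),  # idle past timeout
        fw.packet(4001, client, 40000, server, 80, True, "S"),   # new connection
        fw.packet(4002, client, 40000, server, 80, True, "FA"),  # close
        fw.packet(4003, server, 80, client, 40000, False, "A"),  # after close
    ]
```

`demo()` returns one verdict per packet in the order listed, so the reply at t=1 is accepted without any inbound rule while the packets arriving after the idle timeout and after the close are dropped.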