[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] A New TCP Timeout question
That would make sense, and I'll try it, but I still have one question. Is there any way to tell what the current TCP timeout limit is for each F/W? Short of documenting it somewhere off the Firewalls... > ---------- > From: Loesch, John[SMTP:[email protected]] > Sent: Friday, March 16, 2001 5:13 AM > To: 'Croft, Ed' > Subject: RE: [FW1] A New TCP Timeout question > > For now, you'll need to change the timeout, push the policy to Site B, and > then change the timeout back. As long as these settings are "global", > you'll have to remember to change the setting back after a policy push or > the other Sites will pick it up next time you push to them... > > -----Original Message----- > From: Croft, Ed [mailto:[email protected]] > Sent: Friday, March 16, 2001 1:09 AM > To: Checkpoint Mailing List > Subject: [FW1] A New TCP Timeout question > > > > I have been watching the list and haven't seen this question posted. So > if > it has, please forgive me for asking again... > > We have one management console to take care of our primary F/W that most > of > the company (approx. 2000 users) uses at Site A (Sun/Unix box). This same > management console also takes care of a secondary F/W at a different > location (Site B, Nokia 330) that takes care of approx. 100 users. It has > been requested that we increase the TCP timeout session from the default 1 > hour setting to 4-5 hours on the F/W at Site B (Nokia 330). While I do > not > think that it will be a problem for a F/W only handling 100 users, I don't > want to make this change to the Primary F/W that is taking care of 2000 > users. As far as I can tell, you can only set the TCP timeout under > properties of the management station, and that it would apply to both > Firewalls. > > > Internet Internet > | | > | | > Site A (Unix)------Management console----Site B (Nokia) > | | > 2000 users 100 users > > > > Am I mistaken in thinking that I can not make individual TCP timeout > settings to each of the Firewalls that our one management station takes > care > of? > > -Ed > > P.S. Thanks in advance for any help I can get on this problem. And no, > training the user to shut down the application when they are not using it > is > not one of my options... > > > ========================================================================== > == > ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ========================================================================== > == > ==== > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|