[FW1] Telnet using SecuRemote timing out



Greetings!
    We are running FW 4.1.2 on an RS/6000 running AIX 4.3.3.  Behind
that we have an RS/6000 running an application that users telnet into.
They VPN through the firewall from Windows 98 machines running the
recent SecuRemote (I'm not sure, but I think it is build 4174).  The
telnet emulator they are using is Hyperterm.  All the users are coming
in across various links on 256Kbs frame relay circuits.  The router
statistics from our ISP see no errors or packet problems at the router
in front of the firewall.
    The problem is that if these users walk away from their terminals
for 30 minutes or more, the telnets hang.  The user can just kill
Hyperterm and restart it and telnet back in, and everything works fine.
Other people on those same frame relay circuits who keep working do not
lose their connection, so the hang is tied to the user's machine or his
telnet session.  This problem is not only an inconvenience, it causes a
major problem in the application, which counts logins to ensure license
compliance.  As the telnets hang, the login still exists from the
RS/6000 point of view, and so the
    We have increased the tcp_keepidle parameter on the firewall RS/6000
to 43200, and added an  ADD_TCP_TIMEOUT(23,43200)  parameter for telnet
to the /etc/fw/lib/init.def file.  When we issue a:

 fw tab -t connections -u

we get a bunch of lines of the form:

<206535c8, 00000458, c0a8640a, 00000017, 00000006; 30d70014, 00004004, 0201d000; 42846/43200>
<d14aab12, 0000973c, 41710242, 00000017, 00000006; 00000000, 00004001, 02ffff00; 43199/43200>
<d14aab12, 000094cb, 41710242, 00000017, 00000006; 00000000, 00004001, 02ffff00; 43153/43200>
<d14aab12, 000094c6, 41710242, 00000017, 00000006; 00000000, 00004001, 02ffff00; 43138/43200>

where the number in front of the 43200 is slowly decreasing each time we
execute the command.  Is this the counter, counting backwards from
43200?  If so, you wouldn't think that the telnet would die until the
counter reached 0.
    Am I understanding what is going on here?  Or is the TCP_TIMEOUT not
the problem?  I have RTFM but can't see any discussion beyond setting
TCP_TIMEOUT, which does not seem to be helping.
    Are there any settings on the PCs that should be set?  Are there
any SecuRemote parameters that would help?
    I have tried telnetting from another RS/6000 across the Internet to
this firewall, and after 4 hours, the connection stays up.  Why should
it work any differently?
    Any advice would be appreciated, because I am baffled!
    TIA,

John Schneider

***********************************************************************
* John D. Schneider   Email: [email protected] * Phone:* Lowery Systems, Inc.
* 1329 Horan                  Disclaimer: Opinions expressed here are
* Fenton, MO 63026                   mine and mine alone.
***********************************************************************




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
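
Added example, not part of the original post: a parser for the `fw tab -t connections -u` entries quoted above that decodes the hex fields and shows how far each telnet entry's counter has run down. The field meanings (source address, source port, destination address, destination port, IP protocol, then remaining/configured seconds) are an assumption inferred from the values shown (0x17 = 23, 0x06 = TCP), and the function names are hypothetical.

```python
import ipaddress
import re

# Two entries copied from the post above, with the mail's line wrapping kept.
SAMPLE = """\
<206535c8, 00000458, c0a8640a, 00000017, 00000006; 30d70014, 00004004,
0201d000;
 42846/43200>
<d14aab12, 0000973c, 41710242, 00000017, 00000006; 00000000, 00004001,
02ffff00;
 43199/43200>
"""

ENTRY = re.compile(r"<([^<>]+)>")  # one table entry, even if wrapped over lines


def parse_connections(text):
    """Decode each <key; value; remaining/total> entry into a dict.

    Assumption: the key is source address, source port, destination
    address, destination port and IP protocol, all in hex.
    """
    rows = []
    for body in ENTRY.findall(text):
        parts = [p.strip() for p in body.replace("\n", " ").split(";")]
        if len(parts) < 2 or "/" not in parts[-1]:
            continue  # no trailing remaining/total counter
        try:
            key = [int(f.strip(), 16) for f in parts[0].split(",")]
            remaining, total = (int(n) for n in parts[-1].split("/"))
        except ValueError:
            continue  # malformed entry, skip it
        if len(key) != 5:
            continue
        rows.append({
            "src": str(ipaddress.IPv4Address(key[0])), "sport": key[1],
            "dst": str(ipaddress.IPv4Address(key[2])), "dport": key[3],
            "proto": key[4], "remaining": remaining, "timeout": total,
            # Assumption: the counter restarts at `total` when traffic passes.
            "idle": total - remaining,
        })
    return rows


def longest_idle(rows, dport=23):
    """Entries for one destination port, the most run-down counter first."""
    return sorted((r for r in rows if r["dport"] == dport),
                  key=lambda r: r["idle"], reverse=True)
```

Feeding it successive captures of the command output shows whether a hung session's counter keeps falling or its entry has vanished from the table.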



 
   All contents © 2004 Network Presence, LLC. All rights reserved.