[FW1] Telnet using SecuRemote timing out
Greetings!

We are running FW 4.1.2 on an RS/6000 running AIX 4.3.3. Behind that we have an RS/6000 running an application that users telnet into. They VPN through the firewall from Windows 98 machines running the recent SecuRemote (I'm not sure, but I think it is build 4174). The telnet emulator they are using is Hyperterm. All the users are coming in across various links on 256Kbs frame relay circuits. The router statistics from our ISP see no errors or packet problems at the router in front of the firewall.

The problem is that if these users walk away from their terminals for 30 minutes or more, the telnets hang. The user can just kill Hyperterm and restart it and telnet back in, and everything works fine. Other people on those same frame relay circuits who keep working do not lose their connection, so the hang is tied to the user's machine or his telnet session.

This problem is not only an inconvenience, it causes a major problem in the application, which counts logins to ensure license compliance. As the telnets hang, the login still exists from the RS/6000 point of view, and so the

We have increased the tcp_keepidle parameter on the firewall RS/6000 to 43200, and added an ADD_TCP_TIMEOUT(23,43200) parameter for telnet to the /etc/fw/lib/init.def file. When we issue a:

    fw tab -t connections -u

we get a bunch of lines of the form:

    <206535c8, 00000458, c0a8640a, 00000017, 00000006; 30d70014, 00004004, 0201d000; 42846/43200>
    <d14aab12, 0000973c, 41710242, 00000017, 00000006; 00000000, 00004001, 02ffff00; 43199/43200>
    <d14aab12, 000094cb, 41710242, 00000017, 00000006; 00000000, 00004001, 02ffff00; 43153/43200>
    <d14aab12, 000094c6, 41710242, 00000017, 00000006; 00000000, 00004001, 02ffff00; 43138/43200>

where the number in front of the 43200 is slowly decreasing each time we execute the command. Is this the counter, counting backwards from 43200? If so, you wouldn't think that the telnet would die until the counter reached 0.
Am I understanding what is going on here? Or is the TCP_TIMEOUT not the problem? I have RTFM but can't see any discussion beyond setting TCP_TIMEOUT, which does not seem to be helping. Are there any settings on the PCs that should be set? Are there any SecuRemote parameters that would help?

I have tried telnetting from another RS/6000 across the Internet to this firewall, and after 4 hours, the connection stays up. Why should it work any differently?

Any advice would be appreciated, because I am baffled!

TIA,
John Schneider

***********************************************************************
* John D. Schneider        Email: [email protected]
* Phone:
* Lowery Systems, Inc.
* 1329 Horan               Disclaimer: Opinions expressed here are
* Fenton, MO 63026         mine and mine alone.
***********************************************************************
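
An added example (not part of the original post and not Check Point code) that decodes the fw tab -t connections -u lines quoted in the message, so each entry can be matched to a client and its timer watched between runs. It assumes the five hex fields before the first semicolon are source IP, source port, destination IP, destination port and IP protocol, and that the trailing pair is seconds remaining over the configured timeout; the function names are hypothetical.

```python
import ipaddress
import re

# The four table lines quoted in the post, copied here so the script runs offline.
SAMPLE = """\
<206535c8, 00000458, c0a8640a, 00000017, 00000006; 30d70014, 00004004, 0201d000; 42846/43200>
<d14aab12, 0000973c, 41710242, 00000017, 00000006; 00000000, 00004001, 02ffff00; 43199/43200>
<d14aab12, 000094cb, 41710242, 00000017, 00000006; 00000000, 00004001, 02ffff00; 43153/43200>
<d14aab12, 000094c6, 41710242, 00000017, 00000006; 00000000, 00004001, 02ffff00; 43138/43200>
"""

# <key fields; value fields; remaining/total>
ENTRY = re.compile(r"<([^;>]+);([^;>]*);\s*(\d+)/(\d+)\s*>")


def parse_entries(text):
    """Yield one dict per table entry; the value fields are left undecoded."""
    for m in ENTRY.finditer(text):
        key = [int(field, 16) for field in m.group(1).split(",")]
        if len(key) != 5:
            continue  # not the assumed 5-field connection key, skip rather than guess
        src, sport, dst, dport, proto = key
        yield {
            "src": str(ipaddress.IPv4Address(src)),
            "sport": sport,
            "dst": str(ipaddress.IPv4Address(dst)),
            "dport": dport,
            "proto": proto,
            "remaining": int(m.group(3)),
            "total": int(m.group(4)),
        }


def idle_report(text, dport=23):
    """Return (src, sport, dst, elapsed) for TCP entries to dport, largest elapsed first.

    elapsed = total - remaining, i.e. how far the entry's timer has counted
    down (assumed to restart whenever the firewall sees traffic on the entry).
    """
    rows = [(e["src"], e["sport"], e["dst"], e["total"] - e["remaining"])
            for e in parse_entries(text)
            if e["dport"] == dport and e["proto"] == 6]
    return sorted(rows, key=lambda row: row[3], reverse=True)


if __name__ == "__main__":
    for src, sport, dst, elapsed in idle_report(SAMPLE):
        print(f"{src}:{sport} -> {dst}:23  timer elapsed {elapsed}s of 43200s")
```

Running it against two captures taken a few minutes apart shows whether a hung session's entry is still present and still counting down, or has already left the table.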