Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] nokia firewall flows and tcp timeouts sanity check

To: MikeCC <[email protected]>
Subject: Re: [FW1] nokia firewall flows and tcp timeouts sanity check
From: Paul Howell <[email protected]>
Date: Sat, 09 Jun 2001 07:23:54 -0400
Cc: [email protected]
In-reply-to: Your message of Thu, 07 Jun 2001 21:01:31 -0400.
Sender: [email protected]


Hi,

I can confirm that the problem exists in IPSO 3.4 / FW-1 4.1 SP4.

Our reseller told me that Checkpoint is working on a patch will be
released soon, and that Nokia says their end of it is fixed in 3.4.

I'm hoping they are right.  Performance is important and I'd like to
get as much as possible.

Thanks,

< paul


MikeCC writes:
 > 
 > Hi,
 > 
 > We have seen the exact same behavior on IPSO 3.3 and SP2.  Turning off 
 > Flows clears up the problem.  I am told by our reseller, who first claimed 
 > to have heard it from Checkpoint then later stated Checkpoint denied the 
 > problem, that Flows will cause a any active sessions that are passing 
 > traffic when the time out arrives will be dropped.  So because you have a 
 > continuos flow of packets the session is being dropped, same thing happened 
 > to us.
 > 
 > For now we are able to live with turning off Flows.  And now Nokia is 
 > saying that SP3 will fix the problem.  I haven't confirmed this yet but I 
 > did install SP4 today in a test lab so hopefully I'll find out soon.
 > 
 > At 09:21 AM 6/6/01 -0400, Paul Howell wrote:
 > 
 > 
 > >Hi.
 > >
 > >I'd like to do a little sanity check.
 > >
 > >I'm not sure exactly when firewall flows became a "feature" in IPSO, but
 > >they exist in IPSO 3.3 and higher.
 > >
 > >I'm seeing an odd interaction between firewall flows and FW1 4.1 SP2 and
 > >higher such that persistent active TCP connections are dropped after
 > >TCP timeout seconds.   The TCP timeout value is set in the FW1 properties tab.
 > >
 > >Just to be clear about the meaning of active, a TCP connection that is sending
 > >and receiving packets continously.
 > >
 > >Turning off firewall flows seems to solve this.
 > >
 > >I'm wondering if it's me, or is it Nokia.
 > >
 > >Has anyone else experienced this?
 > >
 > >Thanks,
 > >
 > >< paul
 > >
 > >
 > >
 > >================================================================================
 > >      To unsubscribe from this mailing list, please see the instructions at
 > >                http://www.checkpoint.com/services/mailing.html
 > >================================================================================ 
 > >
 > 
 > MikeCC
 > http://atrek.org/mikecc
 > 
 > 
 > 
 > ================================================================================
 >      To unsubscribe from this mailing list, please see the instructions at
 >                http://www.checkpoint.com/services/mailing.html
 > ================================================================================


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] ADSL and Checkpoints Secure Remote
Next by Date: [FW1] RE: Help....FW1 is not letting the traffic out....
Previous by thread: Re: [FW1] nokia firewall flows and tcp timeouts sanity check
Next by thread: [FW1] Blocking Realying with FW-1
Index(es):
- Date
- Thread