Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] TCP Timeout Issues

To: <[email protected]>
Subject: [FW1] TCP Timeout Issues
From: "Dave Millier" <[email protected]>
Date: Wed, 4 Jul 2001 08:58:33 -0400
Importance: Normal
Reply-to: <[email protected]>
Sender: [email protected]

Hi All, question if I may.  I have had three firewalls up and running with
VPNs between A and B and A and C for quite some time.  Have had no issues
with timeouts, edited init.def and added in two protocols, 23 and 397, with
timeout of 7200.  This worked fine for app. 6 months, no issues.  I migrated
from a server running both mgmt. console and firewall module to an
environment with a stand-alond mgmt. console managing all three firewalls.
Otherwise, there is no difference in environment.  I've verified that all
three firewalls have the timeouts set in their init.def, even made the
changes on the mgmt. console!  I've also set tcp timeouts in general in the
properties to be 3600 seconds.  None of this seems to be working, I'm
getting reports of regular disconnects by the users.  Anyone have thoughts
on any other things I might want to try?  We've moved the customer off frame
relay and entirely onto the 'net, I'd had to have to go back to them and put
them back onto a frame relay circuit, just because of a tcp session timeout
issue.  Note:  I don't see any drops or other unusual activity in the logs,
so I can't even easily speculate what is different at this time, from the
previous environment, if anything.  The only other thought I had was
potentially the Internet itself, too much latency causing connection
timeouts, but that doesn't seem that plausible, I have a 10 meg connection
on one site, and T1s on the other two sites, none of them seem to be
saturated at any point and time.

Any thoughts on this would be _greatly_ appreciated!

Regards,

Dave Millier, CISSP

******************************************************
DEXAGON Inc. - Design, Engineering, and Implementation
DEXAGON Network Services - ISP/ASP/CarrierConnectivity
2300 Yonge Street, #1100, Toronto, ONT CANADA  M4P 1E4
******************************************************
[ [email protected] ]       [ http://www.DEXAGON.com ]
[] [ Toronto, Canada ] [ 1-877-DEXAGON ]
******************************************************



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: Re: [FW1] IP 51 and 50
Next by Date: [FW1] fwd.elg
Previous by thread: [FW1] Processes killed by vm_fault -- out of swap
Next by thread: [FW1] fwd.elg
Index(es):
- Date
- Thread