The reason being is because WinFrame has a seperate
connections table:
wf_connections. This table (like most others) gets flushed on
a policy
install. You can prevent this from happening by adding the
following
to $FWDIR/lib/table.def on the management console (probably
near the end):
wf_connections = timeout X sync keep;
Where X is the timeout value of connections in this table. The
important
flag here is 'keep'.
After making the change, reload policy. Note this may not work
as I can't
find an actual definition for the table anywhere, and I've had
problems in
the past modifying these sorts of tables.
I have
also read that the problem is because FW-1 has a separate table for ICA
connections. Unfortunately FW-1 does not keep a copy of this table after
a reload as it does for it's normal connections table. Someone
recommended removing the winframe definition from objects.c. I was leery
of doing this so I never tried it. Perhaps you can give it a
try.
Hi to all.
We' ve been facing a terrible problem similar to Turin' s.
However, in our case, the clients are connected to the Metaframe Servers not
with Secure Clients, but through a firewall.
In other words, the clients are behind a CP FW1 and connect
to Metaframe Servers behind another FW CP1 over VPN tunnelling. And as Turin
has faced, for over several months, we've been struggling with this strange
and severe problem:
When a policy is installed on the FW where the Metaframe
Servers put behind, the ICA connections of the clients on the other side
drop, and key re-installs between two FW' s are required (including phase 1
- aggressive mode.) This happens all the time, whenever a policy installed
(regardless of any rule, even not related with VPN, Metaframes...) on our FW
(Metaframe Servers)
Both FW's mngmt stations are CP 4.1 SP3. Both FW modules are
Nokia platforms with IPSO SP3 FC3.3.
I' d also be so grateful of anyone provides a solution to
this. Thanx...
Mete EMINAGAOGLU
-----Original Message-----
From:
Turin Turambar [mailto:[email protected]]
Sent: Wednesday, August 29, 2001 6:34 PM
To: [email protected]
Subject: [FW1] Metaframe TCP Hangs w/ Secure Client
I know that some messages have been written regarding
Metaframe
before, but they don't seem to touch on
the exact problem I am having.
I hope someone
out there can help me.
I have Metaframe 1.8 and Firewall-1 4.1 SP4.
When Secure Clients
connect to the Metaframe over
the VPN, and a policy is pushed to the
firewall, the
ICA connections are dropped. Not only that, but the
Metaframe server thereafter ceases to accept any TCP
connections until
it is rebooted.
If anyone has successfully gotten ICA connections over the
VPN to a
Metaframe server working to the point where
they survive policy
installs, please let me know
your secret! Thanks!
turambar386
Get your FREE Bette Davis e-mail at http://surf.to/bette
____________________________________________________________
Get your own FREE Web and POP E-mail Service in 14
languages at http://www.zzn.com.
================================================================================
To unsubscribe from this mailing
list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================