The reason being is because WinFrame has a seperate connections
table:
wf_connections. This table (like most others) gets flushed on a
policy
install. You can prevent this from happening by adding the
following
to $FWDIR/lib/table.def on the management console (probably near
the end):
wf_connections = timeout X sync keep;
Where X is the timeout value of connections in this table. The
important
flag here is 'keep'.
After making the change, reload policy. Note this may not work
as I can't
find an actual definition for the table anywhere, and I've had
problems in
the past modifying these sorts of tables.
I have
also read that the problem is because FW-1 has a separate table for ICA
connections. Unfortunately FW-1 does not keep a copy of this table after a
reload as it does for it's normal connections table. Someone recommended
removing the winframe definition from objects.c. I was leery of doing this
so I never tried it. Perhaps you can give it a
try.
Hi to all.
We' ve been facing a terrible problem similar to Turin' s.
However, in our case, the clients are connected to the Metaframe Servers not
with Secure Clients, but through a firewall.
In other words, the clients are behind a CP FW1 and connect to
Metaframe Servers behind another FW CP1 over VPN tunnelling. And as Turin has
faced, for over several months, we've been struggling with this strange and
severe problem:
When a policy is installed on the FW where the Metaframe
Servers put behind, the ICA connections of the clients on the other side drop,
and key re-installs between two FW' s are required (including phase 1 -
aggressive mode.) This happens all the time, whenever a policy installed
(regardless of any rule, even not related with VPN, Metaframes...) on our FW
(Metaframe Servers)
Both FW's mngmt stations are CP 4.1 SP3. Both FW modules are
Nokia platforms with IPSO SP3 FC3.3.
I' d also be so grateful of anyone provides a solution to
this. Thanx...
Mete EMINAGAOGLU
-----Original Message-----
From: Turin
Turambar [mailto:[email protected]]
Sent: Wednesday, August 29, 2001 6:34 PM
To: [email protected]
Subject: [FW1] Metaframe TCP Hangs w/ Secure Client
I know that some messages have been written regarding
Metaframe
before, but they don't seem to touch on the
exact problem I am having.
I hope someone out
there can help me.
I have Metaframe 1.8 and Firewall-1 4.1 SP4. When
Secure Clients
connect to the Metaframe over the VPN,
and a policy is pushed to the
firewall, the ICA
connections are dropped. Not only that, but the
Metaframe server thereafter ceases to accept any TCP connections
until
it is rebooted.
If anyone has successfully gotten ICA connections over the VPN
to a
Metaframe server working to the point where they
survive policy
installs, please let me know your
secret! Thanks!
turambar386
Get your FREE Bette Davis e-mail at http://surf.to/bette
____________________________________________________________
Get your own FREE Web and POP E-mail Service in 14 languages
at http://www.zzn.com.
================================================================================
To unsubscribe from this mailing
list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================