Re: [FW1] SMTP issues with v4.1 SP4 & SP5
This is probably due to the fact that Checkpoint has tightened the methods by which the kernel handles connections that have been idle for some time. There is a default timeout value, 60 seconds if memory serves me right, in that if the fw kernel does not receive any communication it wipes the connection from its state table. Thus when the server once again tries to contact using its original connection CP drops it because it's wiped the connection from its state table so no longer knows about it.

There are two methods to fix this. One is to revert back to old behavior by modifying table.def on the firewall (not recommended, address spoofing security risk) or to modify the server so that it sends keep-alive packets to the machine it's communicating with. In this manner the fw kernel sees constant traffic and does not tear down the connection.

Juan Concepcion
Network Security Engineer
CCSA CCSE
[email protected]

--- Begin Message ---
From: "FW.admin in Training" <[email protected]>
Date: Fri, 14 Sep 2001 20:46:40 -0700 (PDT)
Subject: [FW1] SMTP issues with v4.1 SP4 & SP5
To: [email protected]

Hopefully someone has seen this issue and has an idea or two.

We have been running FW-1 ver 4.1 SP2 for too long. We decided to upgrade the IP650's to ver 4.1 SP4. After the boot manager was up'd, and IPSO from 3.2.1 to 3.4, I loaded SP4. Reloaded the backup config, re-edited the conf files Checkpoint overwrote and all seemed to work.

Then the calls came in.... TCP/IP connections seemed to drop on rule 0. SMTP traffic into a 3rd party SMTP scanner timed out on rule 0 after exactly 5 minutes when passed on to our GroupWise PO gateway. The GroupWise server would complain about wrong sequence, recipient first or something to that effect. Then after 10 - 15 minutes it would go down.

I disabled the FLOWs option, disabled the SYN defender, redid putkeys, validated routes, NAT, rules, timeout settings, registry hacks (NT management) --- all to no avail. I did not have the SMTP engine running in the firewall, as far as I could tell anyway.

The only remedy was to revert back to IPSO 3.2.1 and ver 4.1 SP2!

T.I.A.
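The idle-timeout behaviour discussed in this thread, as an added example that is not part of the original messages and is not Check Point code: a small Python model of a stateful firewall's connection table, showing a mid-stream packet dropped after the entry has aged out and the same flow surviving when keep-alives arrive more often than the timeout. The 300-second timeout, the addresses and all class and function names are assumptions made for illustration.

```python
class StateTable:
    """Toy connection table: an entry lives only while packets keep arriving."""

    def __init__(self, idle_timeout):
        self.idle_timeout = idle_timeout  # seconds (assumed value, not a product default)
        self.entries = {}                 # connection tuple -> time of last packet

    def expire(self, now):
        stale = [c for c, last in self.entries.items()
                 if now - last > self.idle_timeout]
        for conn in stale:
            del self.entries[conn]

    def packet(self, now, conn, syn=False):
        """Return 'accept' or 'drop' for a packet seen at time `now`."""
        self.expire(now)
        if conn in self.entries or syn:   # known flow, or a new SYN the rule base allows
            self.entries[conn] = now
            return "accept"
        return "drop"                     # mid-stream packet with no state entry


def replay(idle_timeout, send_times, keepalive_every=None):
    """Replay application packets sent at `send_times` (seconds) through the table.

    If `keepalive_every` is set, keep-alive packets are interleaved at that
    interval. Returns [(time, verdict)] for the application packets only.
    """
    fw = StateTable(idle_timeout)
    conn = ("192.0.2.10", 40000, "192.0.2.25", 25)   # constructed SMTP flow
    events = [(t, "data") for t in send_times]
    if keepalive_every:
        t = send_times[0] + keepalive_every
        while t < send_times[-1]:
            events.append((t, "keepalive"))
            t += keepalive_every
    verdicts = []
    for i, (t, kind) in enumerate(sorted(events)):
        verdict = fw.packet(t, conn, syn=(i == 0))   # first packet opens the flow
        if kind == "data":
            verdicts.append((t, verdict))
    return verdicts


if __name__ == "__main__":
    print(replay(300, [0, 10, 400]))                       # idle gap exceeds timeout
    print(replay(300, [0, 10, 400], keepalive_every=120))  # keep-alives hold the entry
    print(replay(300, [0, 10, 900], keepalive_every=400))  # keep-alives too sparse
```

The third run shows that keep-alives only help when their interval is shorter than the firewall's idle timeout; a keep-alive that arrives after the entry has expired is itself dropped.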