[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] TCP Timeout

To: [email protected]
Subject: Re: [FW-1] TCP Timeout
From: "Holland, Stephen" <[email protected]>
Date: Thu, 21 Mar 2002 07:35:23 -0600
Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

This is a global change effecting all protocols and port.

If a any connection is not taken down properly then that connection is open
in the FW for 6hrs.  IE is notorious for not taking down a TCP HTTP request
properly with either a RST or FIN packet.  That leave enormous amounts of
holes if you have lots of HTTP/HTTPS traffic traverseing your network, not
to mention other ports and application.  Granted the attack would have to be
WELL crafted.


> -----Original Message-----
> From: Cruiser sg [SMTP:[email protected]]
> Sent: Wednesday, March 20, 2002 10:35 PM
> To:   [email protected]
> Subject:      [FW-1] TCP Timeout
>
> Hi,
>
> The default tcp timeout value is 3600 secons (1 hr).
> What is the implications if I were to increase it to
> 21600 secs or 6hrs?
>
> Thanks.
>
>
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Movies - coverage of the 74th Academy Awards�
> http://movies.yahoo.com/
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: Re: [FW-1] Authentication failed
Next by Date: Re: [FW-1] the way to find the external interface
Prev by thread: [FW-1] Questions about IKE VPN setup/FW objects on Nokia w/ GW clusters
Next by thread: Re: [FW-1] TCP Timeout
Index(es):
- Date
- Thread