|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] State Table Problems
Hello.. Firewall-1 4.1SP5a (same problem with SP4), IPSO 3.4.1 SNMP. I have a problem with a connection through this firewall, and the behaviour I am seeing doesn't quite match Lance's description of how connections are built in Firewall-1. The initial SYN packet causes an entry in the state table with a 60 second timeout counting down. Lance's paper states that if a response to the SYN goes through the firewall, the connection is promoted to a full 3600 second (TCP Timeout setting) entry in the state table. I have been looking at this recently, and I am seeing something different. I don't see the connection fully established until a data packet goes through. Ie, the three-way handshake completes, and still the connection is on a 60 second timeout. Once a data packet goes through, the timeout is promoted to 3600. My testing environment isn't that sound so it would be extremely helpful if anyone can confirm/dispute this. Many thanks, Paul Murphy. ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
