|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] FW-1 and Raptor against Legato Networker
Hi, the following posting from Josef was very useful when I had an issue with Legato Networker. /ho > >as already mentioned on the list the problem is that checkpoint (>4.1sp2) >raises an initial tcp timeout of 60s after syn,syn/ack,ack. When there's one >packet more on the wire this timeout is set to 3600s. >The specified legato networker connections just do the syn, syn/ack, ack and >wait quite some time (>60s), after that the firewall drops the next "ack" >packet. > >To solve your problem you have up to 3 options: > >1. Not recommended: change the way fw-1 handles tcp handshake to the old >style (search for reason: unknown established tcp packet). This affects all >connections and moreover it's not stateful inspection (IMHO). >2. Change the tcp keep alive timer of the backup server or client to less >than 60s. >3. Change objects.C or set an fw-1 kernel parameter in order to increase the >tcp_initial_timeout. > >Regards, >Josef > At 14:54 25.09.2002 +0200, you wrote: >I have a problem with Legato Networker. >I have a backup machine running to two networks. One network is protected by a FW-1 (4.1) firewall and the other is through a Raptor firewall. >The rules are the same on both firewalls - the backup server can talk to any machine on both networks with 'any' protocol and 'any' port (yes it's come to that :-)) >Machines backing up through the Raptor work fine. Machines going through the Check Point - fail, hang, etc consistently. >I have tried just about everything I can think of - I've implemented all the technical bulletins I can find but with no luck. >Anybody seen this before and how did you fix it? >Regards >Paul > > > >------------------------------------------------------------- --- > Visit our Internet site at http://www.reuters.com > >Any views expressed in this message are those of the individual >sender, except where the sender specifically states them to be >the views of Reuters Ltd. > >================================================= >To set vacation, Out Of Office, or away messages, >send an email to [email protected] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your >subscription options, email >[email protected] >================================================= -- Markus Hofbauer, IT-Service / Security Bacher Systems EDV GmbH, Wienerbergstr. 11B, A-1101 Wien, Austria phone: +43 (1) 60 126-34 | fax: +43 (1) 60 126-4 e-mail: [email protected] | web: www.bacher.at ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
