RE: [FW1] Strange TCP Timeout problem
Looks to me like at the time of your outage your firewall is responding to ICMP echo requests just fine. The only thing that does not appear to be happening is the traversal of packets between the PC and the firewall via the switch. Is it possible that you are having some broadcast control being done by your switch? I had some problems with HP ProCurve switches where broadcasts were getting throttled down to near 0% of traffic due to some switch firmware bug, and it was bizarre and hard to determine the true source of the problem. (I am still upset about it...heh)

One thing to consider is that Microsoft's implementation of ARP caching is much different than Unix. On a Unix box, if you are sending packets to an IP, it will keep the ARP cache entry alive until that IP has been dormant for quite some time. Microsoft, on the other hand, expires the entries after a set interval no matter what. For this reason, we often set persistent ARP cache entries for our server farm on our clients' boxes when they log in via a script. (So long as MAC addresses are for the most part static, this does not hurt.)

You might try setting a persistent ARP cache entry on your PC and then try a ping -t to see if the timeouts still occur. If not, then what was happening was the ARP cache entry was expiring and then an ARP request broadcast was being sent but for some reason being dropped by the switch. Punch a sniffer into the firewall and define a filter to watch traffic between the firewall and your PC only. (Or just span the ports over to a monitoring port, etc.)
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of [email protected]
Sent: Friday, September 22, 2000 2:50 PM
To: [email protected]
Subject: RE: [FW1] Strange TCP Timeout problem

Hi,

The endless pings I do work in the following ways:

a) PCs to the FW (eth0: 30.10.10.10) returns something like:

Reply from 30.10.10.10: bytes=32 time<10ms TTL=128
Reply from 30.10.10.10: bytes=32 time=1ms TTL=128
Reply from 30.10.10.10: bytes=32 time<10ms TTL=128
Reply from 30.10.10.10: bytes=32 time<10ms TTL=128
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Reply from 30.10.10.10: bytes=32 time<10ms TTL=128
Reply from 30.10.10.10: bytes=32 time=1ms TTL=128
Reply from 30.10.10.10: bytes=32 time<10ms TTL=128

When the timeouts happen, at the same time, the pings to other devices work this way:

b) Switch to FW: pings work all the time, no timeouts
c) FW to Switch: pings work all the time, no timeouts
d) PCs to the Switch: pings work all the time, no timeouts

All the Ethernet ports are full-duplex, the rules in the FW allow any service, and the TCP/IP timeout settings in the FW are at the max. levels. All the applications connected through the firewall are disconnected because of this error.

Do you have any idea about this weird behavior?

Thanks

================================================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
================================================================================
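As an added example (not code from either poster), a small Python parser for the ping -t output quoted in the original message: it turns the log into outage runs and reports the spacing between them, so a run taken with a static ARP entry (as the reply suggests) can be compared against one without. It assumes the Windows ping default of one echo request per second; the sample log is constructed from the lines quoted above.

```python
import re

# Constructed sample: the ping -t output quoted above (Windows ping probes once per second).
SAMPLE_PING_LOG = """\
Reply from 30.10.10.10: bytes=32 time<10ms TTL=128
Reply from 30.10.10.10: bytes=32 time=1ms TTL=128
Reply from 30.10.10.10: bytes=32 time<10ms TTL=128
Reply from 30.10.10.10: bytes=32 time<10ms TTL=128
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Reply from 30.10.10.10: bytes=32 time<10ms TTL=128
Reply from 30.10.10.10: bytes=32 time=1ms TTL=128
Reply from 30.10.10.10: bytes=32 time<10ms TTL=128
"""
REPLY_RE = re.compile(r"^Reply from \S+: bytes=\d+ time[<=]\d+ms TTL=\d+$")
TIMEOUT_RE = re.compile(r"^Request timed out\.$")

def parse_ping_log(text):
    """One bool per probe: True = reply, False = timeout; other lines ignored."""
    states = []
    for line in text.splitlines():
        line = line.strip()
        if REPLY_RE.match(line):
            states.append(True)
        elif TIMEOUT_RE.match(line):
            states.append(False)
    return states

def outage_runs(states):
    """Collapse consecutive timeouts into (first_probe_index, probe_count) runs."""
    runs, start = [], None
    for i, ok in enumerate(states):
        if not ok and start is None:
            start = i
        elif ok and start is not None:
            runs.append((start, i - start))
            start = None
    if start is not None:
        runs.append((start, len(states) - start))
    return runs

def summarize(text, interval_s=1.0):
    """Outage offsets/durations in seconds and spacing between outage starts:
    a near-constant spacing points at a timer (e.g. ARP cache expiry)."""
    runs = outage_runs(parse_ping_log(text))
    outages = [(s * interval_s, n * interval_s) for s, n in runs]
    spacing = [b[0] - a[0] for a, b in zip(outages, outages[1:])]
    return {"lost": sum(n for _, n in runs), "outages": outages, "spacing_s": spacing}
```

Run it once on a log captured with the dynamic ARP entry and once with the static entry in place; if the outages vanish in the second run, the reply's ARP expiry theory holds.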