Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] tcp session timeout

To: "'Joe Matusiewicz'" <[email protected]>, Johan Strom <[email protected]>, Quentin Antrim <[email protected]>, [email protected]
Subject: RE: [FW1] tcp session timeout
From: "Frost, Timothy E" <[email protected]>
Date: Fri, 26 Jan 2001 11:16:37 +1300
Sender: [email protected]

This won't work for Net8, because Net8 opens secondary ports.

Any protocol which opens secondary ports will have the same problem, because
those secondary ports can't be permanently recorded in the timeout table.

-- 
Timothy Frost			mailto:[email protected]
EDS New Zealand			Fax: +64-4-495-0473
8 Gilmer Terrace		Phone: +64-4-495-0504
P O Box 3647
Wellington
New Zealand


-----Original Message-----
From: Joe Matusiewicz [mailto:[email protected]]
Sent: Friday, January 26, 2001 5:03 AM
To: Johan Strom; Quentin Antrim;
[email protected]
Subject: Re: [FW1] tcp session timeout




I'm having a similar problem with users who are using SecuRemote 
complaining that their sqlnet2 sessions are timing out prematurely even 
though I have the SecuRemote timeout set to two hours.  Does anyone know if 
the following fix may solve this problem?


-- Joe


At 05:21 AM 1/25/01, Johan Strom wrote:

>Hi Quentin.
>
>We had the same problem and the session drop after 1 hour. Yes the policy
>properteries has an entry tcp sesion timeout 3600 sec.
>What we did was a change in the init.def file as follows:
>
>#define ADD_TCP_TIMEOUT(port,to) (record <port;to> in tcp_timeouts)
>
>(
>         <0> in tcp_timeouts
>) or (
>         ADD_TCP_TIMEOUT(21,FTP_CONTROL_TIMEOUT),
>         ADD_TCP_TIMEOUT(1521,28800),   **** add this line and the timeout
>will be 8 hours instead
>         ADD_TCP_TIMEOUT(0,0)
>);
>
>
>#endif /* __init_def__ */
>
>The init.def file is located in $FWDIR/lib/
>
>This is the only way to change the tcp timeout for a specific port.
>
>I hope this help.
>
>Regards
>
>Johan
>----- Original Message -----
>From: "Quentin Antrim" <[email protected]>
>To: <[email protected]>
>Sent: Wednesday, January 24, 2001 10:59 PM
>Subject: [FW1] tcp session timeout
>
>
> >
> > I've got a problem with what I think is a TCP session timeout between
two
>servers on either side of a Checkpoint Firewall.  Here's the scenario:
> > Checkpoint FW-1 SP3.  Web server on one side of the firewall, an oracle
>database on the other side using Net8.  Have a rule allowing the web 
>server to contact the oracle server via sqlnet2 service.



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] securemote 'can't communicate with firewall'
Next by Date: Re: [FW1] If a single firewall with 3 NIC's a considered a DMZ?
Previous by thread: RE: [FW1] tcp session timeout
Next by thread: [FW1] CP 4.1 Enterprise Management Station, any benefits?
Index(es):
- Date
- Thread