[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] tcp session timeout
This won't work for Net8, because Net8 opens secondary ports. Any protocol which opens secondary ports will have the same problem, because those secondary ports can't be permanently recorded in the timeout table. -- Timothy Frost mailto:[email protected] EDS New Zealand Fax: +64-4-495-0473 8 Gilmer Terrace Phone: +64-4-495-0504 P O Box 3647 Wellington New Zealand -----Original Message----- From: Joe Matusiewicz [mailto:[email protected]] Sent: Friday, January 26, 2001 5:03 AM To: Johan Strom; Quentin Antrim; [email protected] Subject: Re: [FW1] tcp session timeout I'm having a similar problem with users who are using SecuRemote complaining that their sqlnet2 sessions are timing out prematurely even though I have the SecuRemote timeout set to two hours. Does anyone know if the following fix may solve this problem? -- Joe At 05:21 AM 1/25/01, Johan Strom wrote: >Hi Quentin. > >We had the same problem and the session drop after 1 hour. Yes the policy >properteries has an entry tcp sesion timeout 3600 sec. >What we did was a change in the init.def file as follows: > >#define ADD_TCP_TIMEOUT(port,to) (record <port;to> in tcp_timeouts) > >( > <0> in tcp_timeouts >) or ( > ADD_TCP_TIMEOUT(21,FTP_CONTROL_TIMEOUT), > ADD_TCP_TIMEOUT(1521,28800), **** add this line and the timeout >will be 8 hours instead > ADD_TCP_TIMEOUT(0,0) >); > > >#endif /* __init_def__ */ > >The init.def file is located in $FWDIR/lib/ > >This is the only way to change the tcp timeout for a specific port. > >I hope this help. > >Regards > >Johan >----- Original Message ----- >From: "Quentin Antrim" <[email protected]> >To: <[email protected]> >Sent: Wednesday, January 24, 2001 10:59 PM >Subject: [FW1] tcp session timeout > > > > > > I've got a problem with what I think is a TCP session timeout between two >servers on either side of a Checkpoint Firewall. Here's the scenario: > > Checkpoint FW-1 SP3. Web server on one side of the firewall, an oracle >database on the other side using Net8. Have a rule allowing the web >server to contact the oracle server via sqlnet2 service. ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|