[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] Connections being dropped after maximum TCP session timeout being reached.
I have recently implemented two Nokia boxes, IPSO 3.3 in HA with VRRP. I was running CP FW-1 4.1 SP2 on both until I noticed that established TCP connections were being dropped after maximum TCP session timeout was reached regardless of the state of the connection. i.e. active or inactive. I was under the impression that the timer in the connections table was reset for a connection following an active data transfer as I have witnessed on IPSO 3.2.1 fcs1 with CP FW-1 4.1 SP2. Am I incorrect in my observation? I manage many other firewalls with IPSO 3.2.1 fcs1 and CP FW-1 SP2 and have not experienced any incidents of this nature. It is only since the introduction of IPSO 3.3 that this problem has arisen. I thought that it was just a bug between IPSO 3.3 and SP2 due to the vast changes in the IPSO. I was willing to wait for SP3 for IPSO 3.3 due to the fact that Checkpoint had informed me that they were not supporting IPSO 3.3 until the release of SP3. Following the release of SP3, I installed and tested the new version to no avail. Has anyone else experienced the aforementioned anomaly? Does anyone have any suggestions on how to correct it?? Any input would be greatly appreciated. PS: I am losing hair over this ! TIA Ben Karlo. Network Security Consultant E-Mail: [email protected] ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|