Re: [FW1] TCP Timeout questions.
> In the properties for the firewall you can set the TCP/IP timeout. Is there
> a way to make there be no timeout? For things like ssh I'd prefer to be
> able to just keep the connection up indefinitely.

Well if ya think about it, this would be a VERY bad idea.

Example: Your box A opens an SSH connection to box B outside your firewall. Your box A crashes, requiring a reset. The firewall NEVER sees the connection close, and thus never removes the entry from the state table.

Now sooner or later, this is going to make your machine run out of memory. Bit of a bugger really.

It gets even worse if you allow inbound ssh, because it gives someone a trivial way to hit you with a DoS attack.

You can set the timeout to 7200 minutes in your policy properties, and if you are prepared to hack some defs files, you can increase this further, but not infinitely...
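An added illustration, not part of the original post and not Check Point code: a toy model of a stateful firewall's connection table, comparing no idle timeout with the 7200-minute setting mentioned above. The class, the traffic pattern (one new session per minute, every tenth host crashing before it can close) and all parameter names are constructed assumptions.

```python
class StateTable:
    """Toy connection table of a stateful firewall (constructed model)."""

    def __init__(self, idle_timeout=None):
        self.idle_timeout = idle_timeout  # minutes; None = entries never expire
        self.last_seen = {}               # connection id -> minute of last packet

    def packet(self, conn, now):
        self.last_seen[conn] = now        # creates or refreshes the entry

    def close(self, conn):
        self.last_seen.pop(conn, None)    # firewall saw the connection close

    def expire(self, now):
        if self.idle_timeout is None:
            return
        dead = [c for c, t in self.last_seen.items()
                if now - t > self.idle_timeout]
        for c in dead:
            del self.last_seen[c]


def simulate(idle_timeout, minutes=10000, crash_every=10, session_len=30):
    """Return the table size after `minutes` of constructed traffic.

    One session opens per minute. Every `crash_every`-th host crashes
    mid-session, so the firewall never sees a close for it; the rest
    close cleanly after `session_len` minutes.
    """
    table = StateTable(idle_timeout)
    closing = {}  # minute -> sessions that close cleanly at that minute
    for now in range(minutes):
        table.packet(now, now)
        if now % crash_every != 0:
            closing.setdefault(now + session_len, []).append(now)
        for conn in closing.pop(now, []):
            table.close(conn)
        table.expire(now)
    return len(table.last_seen)


if __name__ == "__main__":
    for label, timeout in (("no timeout", None), ("7200 min", 7200)):
        print(label, [simulate(timeout, minutes=m) for m in (10000, 20000)])
```

With no timeout the table grows by one orphaned entry per crashed host for as long as the firewall runs; with the timeout it levels off once the oldest orphans start expiring.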