[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Nokia & FLOWS
This problem might have something to do with the sessiontable changes made to SP3 and above. Instead of adding the session to the sessiontable after the 3-way TCP handshake SP3 and above must start sending data for the session to be added. Use the modzap utility to change and test it. It will rev. it to SP2 and prev sessionhandling. I know some applications like Networker backup has problems with this new session handling. Also take in consideration that this lower the security since its easier to cause a DoS attack. modzap can be downloaded from Nokia support site. ./modzap -n fw_old_established_accept $FWDIR/boot/modules/fwmod.o 0x1 // (run without making changes) ./modzap fw_old_established_accept $FWDIR/boot/modules/fwmod.o 0x1 // (run and make changes) Regards Jonas -----Original Message----- From: Davis, Scott [mailto:[email protected]] Sent: den 11 januari 2002 15:20 To: [email protected] Subject: [FW-1] Nokia & FLOWS I am implementing Checkpoint 4.1 SP4 on Nokia IP530's in our production environment and have run across various connection timeout issues. After speaking with Nokia and Checkpoint, everything points to upgrading to SP5 with hotfixes. However I have run into other issues with SP5/hotfix that may prevent me from upgrading. I have been reading about FLOWS and it's role with Checkpoint. Does anyone have any experience with turning off FLOWS ? What kind of performance hit am I going to take it I turn it off ? To me it seems less secure as well, because the Checkpoint FW-1 only inspects the 1st packet, am I correct ? Any advice/help would be appreciated. Thanks, Scott Davis Internet Security Specialist T.Rowe Price ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|