I have recently
upgraded to NG FP1 and FP2. I have found a new problem where SSH
connections through these firewalls are frequently torn down with a
"connection reset by peer" after an arbitrary amount of time.
Currently, users are reporting disconnects ranging from 60 seconds to 15
minutes. They are also reporting that their connections are not
idle. I cannot find anything in the log files to indicate a
problem. I have not changed any of the TCP timeout values and the SSH
service is set to accept the global default of 3600 seconds.
It looks
like the Checkpoint/FW1/Firewall newsgroups and mailing lists have several
posts relating to this topic, but I have not found any responses providing a
solution (other than to try changing the TCP timeout for the service or
globally). While I can try to set the SSH service timeout explicitly to
one hour or more, I don't see how that would have an affect since users are
reporting disconnects in less than one hour.
Has anyone seen a specific
solution and more accurate problem description for this
issue?
Thanx,
Semaj...
James W. Klein ([email protected]) Software
& Scanning Services New Orleans, LA,
USA
|