RE: Citrix client disconnections

skirn Mon, 15 Oct 2001 08:06:09 -0700


     If you add the "keep" option to table.def, it will not flush the table
on policy install. Here is what the section should look like.


connections = dynamic refresh sync expires TCP_START_TIMEOUT
expcall KFUNC_CONN_EXPIRE kbuf 1

#ifdef SECUREMOTE
implies userc_verified_connections
#else
implies ftp_restrictions
#endif
hashsize 32768 limit 25000 keep;


     Notice the "keep" option on the hashsize line. I successfully used
this to keep our VPN Citrix sessions from being dropped during a policy
install.


Scott



|--------+------------------------------>
|        |          "Ben Nagy"          |
|        |          <[EMAIL PROTECTED]>      |
|        |          Sent by:            |
|        |          firewalls-admin@list|
|        |          s.gnac.net          |
|        |                              |
|        |                              |
|        |          10/12/2001 08:11 PM |
|        |                              |
|--------+------------------------------>
  
>------------------------------------------------------------------------------------------------------------------------|
  |                                                                                    
                                    |
  |       To:     "'N. Endgirgli'" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>   
                                    |
  |       cc:                                                                          
                                    |
  |       Subject:     RE: Citrix client disconnections                                
                                    |
  
>------------------------------------------------------------------------------------------------------------------------|




AFAIK there is nothing that will fix that. Installing a new policy
flushes all the sessions. If it didn't it would be a bug - you could
have a situation where there was traffic still flowing through the
firewall that was agaist the current policy.

Cheers,

--
Ben Nagy
Security Guy

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of N. Endgirgli
> Sent: Saturday, October 13, 2001 5:13 AM
> To: Jay Wehring; [EMAIL PROTECTED]
> Subject: Re: Citrix client disconnections
>
>
> Clients are not disconnected after inactivity period of time.
> THEY ARE DISCONNECTED WHEN I INSTALL POLICY IN THE FIREWALL.
> So I just wonder if there is anyting that can fix that (CP
> solution I mentioned in earlier doesn't work)
[...]

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls




_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls

RE: Citrix client disconnections

Reply via email to