-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all!

I'm currently working on a test installation of NGX (HFA01) to test its IPv6
capabilities and found some issues.

It took me some time to find how to allow ICMP-Requests, but now ping is
working without problems.

However, for TCP, it was necessary to disable the TCP Sequence Verifier in
SmartDefense, otherwise it wasn't possible to build any TCP connection (error
in log was "Bad TCP sequence/Invalid ACK number").

Ok, so TCP is now working, but here is the next problem. Every SSH session
times out after a very short period without any data being sent. Looking at
the state table ("fw6 tab -t connections -f") shows that the session timeout
for _any_ TCP service is only the TCP start timeout (25s), even after full
connection establishment (and initial data transfer). Way too short for any
keepalives.

I found no way to increase the session timeout for TCP connections, even tried
to explicitly set the value per service. Maybe a bug?

Has anyone else seen this behaviour? Is there a special document regarding NGX
and IPv6?


Regards,
Peter


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1-nr1 (Windows XP)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFDylEEcKsx5K5ighwRAoMdAJ44f7CsJ+MOMPn0XZ2M9mijgboTrwCeNgvM
vclkTkY0kz4zfmLzdecobGE=
=GLf5
-----END PGP SIGNATURE-----