On Thu, 11 Jan 2007, David Strom wrote:
> We have an app server connecting to a MySQL DB server in a different subnet.
> The TCP Session timeout keeps cutting off the app server from the DB server.
> We have reasons to put these 2 systems in different subnets, I won't bore you
> with those details.
>
> Is there a way to set the TCP Session timeout for this service to "infinite"?
> I.e., no timeout? Checkpoint tech support says no, that setting the
> timeout to Zero is not saying "no timeout" for this service, and the max
> number of seconds I can set in the service seems to be 9999.

From a practical point anything stateful without a timeout is a DoS
grabbing point. If some types of sessions never time out you can always DoS
a firewall. You can do it slowly so no other trap is triggered and in the
end your firewall is toast.

Any network application that assumes it can remain active forever without
a proper keepalive mechanism is broken by design and not made for this
century.

Having said all that I think that a proper +2 hours setting should work
unless your application is not behaving itself.

Hugo.
--
[EMAIL PROTECTED] http://hvdkooij.xs4all.nl/
This message is using 100% recycled electrons.
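
The keepalive approach mentioned in the reply above, as an added example that is not part of the original message: Python code that enables TCP keepalive on a client socket so the first probe goes out well inside the firewall's session timeout. The 3600-second timeout, the function names and the probe settings are assumptions for illustration, as is the premise that the firewall counts keepalive probes as session traffic; TCP_KEEPIDLE, TCP_KEEPINTVL and TCP_KEEPCNT are the Linux socket option names.

```python
import socket

# Linux per-socket keepalive options mapped to the plan keys used below.
_OPTIONS = (("TCP_KEEPIDLE", "idle_s"),
            ("TCP_KEEPINTVL", "interval_s"),
            ("TCP_KEEPCNT", "probes"))

def plan_keepalive(firewall_timeout_s, probes=5, interval_s=30, margin=0.5):
    """Choose timers so every probe is sent before the firewall's idle timeout."""
    if firewall_timeout_s <= 0:
        raise ValueError("firewall timeout must be positive")
    idle_s = int(firewall_timeout_s * margin)
    # The idle wait plus the whole probe train must finish before the
    # firewall would drop the state entry for the connection.
    if idle_s < 1 or idle_s + probes * interval_s >= firewall_timeout_s:
        raise ValueError("timeout too short for these probe settings")
    return {"idle_s": idle_s, "interval_s": interval_s, "probes": probes}

def apply_keepalive(sock, plan):
    """Enable keepalive and set the per-socket timers where the OS has them."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    for name, key in _OPTIONS:
        opt = getattr(socket, name, None)
        if opt is not None:  # constant missing on some platforms
            sock.setsockopt(socket.IPPROTO_TCP, opt, plan[key])
    return sock

def read_keepalive(sock):
    """Read the effective settings back from the kernel."""
    out = {"keepalive": bool(sock.getsockopt(socket.SOL_SOCKET,
                                             socket.SO_KEEPALIVE))}
    for name, key in _OPTIONS:
        opt = getattr(socket, name, None)
        if opt is not None:
            out[key] = sock.getsockopt(socket.IPPROTO_TCP, opt)
    return out

def demo(firewall_timeout_s=3600):  # 3600 is an assumed timeout, not from the post
    """Apply the plan to an unconnected socket and return what the kernel stored."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        apply_keepalive(s, plan_keepalive(firewall_timeout_s))
        return read_keepalive(s)

if __name__ == "__main__":
    print(demo())
```

The same options would be set on the application's database connection socket before or just after connecting; whether a given MySQL client library exposes them is not covered here.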