Using the dbedit utility type: modify services <service name> timeout 2147483647 update services <service name>
Remarks: The value listed above is used internally by the kernel to specify infinite time connections I've tried it and it works. As far as security goes, that's another matter. ANDERKOOIJ.ORG> wrote: On Thu, 11 Jan 2007, David Strom wrote: > We have an app server connecting to a MySQL DB server in a different subnet. > The TCP Session timeout keeps cutting off the app server from the DB server. > We have reasons to put these 2 systems in different subnets, I won't bore you > with those details. > > Is there a way to set the TCP Session timeout for this service to "infinite"? > I.e., no timeout? Checkpoint tech support says no, that setting the > timeout to Zero is not saying "no timeout" for this service, and the max > number of seconds I can set in the service seems to be 9999. >From a practical point anything statefull without a timeout is a DoS grabbing point. If some types of sessions never timeout you can always DoS a firewall. You can do it slowly so no other trap is triggered and in the end your firewall is toast. Any network application that assumes it can remain active forever without a proper keepalive mechanisme is broken by design and not made for this century. Having said all that I think that a proper +2 hours settings should work unless you application is not behaing itself. Hugo. -- [EMAIL PROTECTED] http://hvdkooij.xs4all.nl/ This message is using 100% recycled electrons. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= --------------------------------- Everyone is raving about the all-new Yahoo! Mail beta. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
