You will find information on this new feature intro'd in NG AI - What's New at: http://www.checkpoint.com/support/downloads/docs/firewall1/r54/WhatsNew.pdf
It used to be that CP would drop any attempt to establish a new connection w/ the same src port/ip and same dst port/ip unless firewall-1 tables have been flushed out of the state of that connection from a previous use - with this feature, CP would attempt sync'ng its own state w/ the actual state of the client and server and convert the new 'syn' packet on the new connection attempt to an 'ack' which in some cases does cause problems (I have seen myself and had to change the behavior) and that is why your third party vendor who might have seen issues w/ their application due this feature. hope this helps. rajeev On 7/5/07, Crist Clark <[EMAIL PROTECTED]> wrote:
A third party vendor has this little piece of advice in a technical document, We have seen issues with Checkpoint NG firewalls and their use of the "Smart Connection Reuse" feature. It is apparently enabled by default... We have found this behaviour working improperly [sic], and this feature should be disabled. I'm having trouble finding "Smart Connection Reuse" in Check Point documentation. Any ideas to what they are referring? -- Crist J. Clark [EMAIL PROTECTED] Globalstar Communications (408) 933-4387 BĀ¼information contained in this e-mail message is confidential, intended only for the use of the individual or entity named above. If the reader of this e-mail is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any review, dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please contact [EMAIL PROTECTED] ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
