>>> On 7/6/2007 at 6:18 AM, cisco4ng <[EMAIL PROTECTED]> wrote:
> The fix on this is a very easy one.  On the Nokia platforms, let's say
> you have MsSQL connection using tcp port 1433 and you want to establish
> new connection with the same src port/ip dst port/ip, you can easily
> accomplish it with the following command:
> ./modzap -n _fw_reuse_established_conn $FWDIR/boot/modules/fwmod.o 1433
> 
> This will require a reboot.  If you don't want to reboot the Nokia
> enforcement module, you can do this:
> fw ctl _fw_reuse_established_conn 1433
> 
> This will take effect immediately.
> 
> You can do the same on SPLAT as well.  I just can't remember the
> syntax of it.

For the archive,

  # fw ctl set int fw_reuse_established_conn <port>

Seems to have worked on Solaris.

> Rajeev Gupta <[EMAIL PROTECTED]> wrote: You will find information on
> this new feature intro'd in NG AI - What's New at:
> http://www.checkpoint.com/support/downloads/docs/firewall1/r54/WhatsNew.pdf
> 
> It used to be that CP would drop any attempt to establish a new
> connection w/ the same src port/ip and same dst port/ip unless
> firewall-1 tables have been flushed out of the state of that connection
> from a previous use - with this feature, CP would attempt sync'ng its
> own state w/ the actual state of the client and server and convert the
> new 'syn' packet on the new connection attempt to an 'ack' which in
> some cases does cause problems (I have seen myself and had to change
> the behavior) and that is why your third party vendor who might have
> seen issues w/ their application due to this feature.
> 
> hope this helps.
> 
> rajeev
> 
> On 7/5/07, Crist Clark  wrote:
>>
>> A third party vendor has this little piece of advice
>> in a technical document,
>>
>>   We have seen issues with Checkpoint NG firewalls and
>>   their use of the "Smart Connection Reuse" feature. It
>>   is apparently enabled by default... We have found this
>>   behaviour working improperly [sic], and this feature
>>   should be disabled.
>>
>> I'm having trouble finding "Smart Connection Reuse"
>> in Check Point documentation. Any ideas to what they
>> are referring?
>> --
>>
>> Crist J. Clark
>> [EMAIL PROTECTED] 
>> Globalstar Communications (408) 933-4387



=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
