cisco4ng wrote:
I had issues with oracle sqlnet connections traversing the
NG-AI R55 with HFA_20 SPLAT firewalls. I fixed the issue
by modifying the $FWDIR/lib/base.def in the CMA according
to Checkpoint sk19566, as follows:
RECORD_DATA_CONN(dst,0,sr1,sr2,sr3, IS_ACCEPTED_A, 0x4a, 0, 0),
Modification:
RECORD_DATA_CONN(dst,0,sr1,sr2,sr3, IS_ACCEPTED_A, 0x4a, 86400, 0),
("86400" is the desired timeout in seconds)
After upgrading to NGx R61, I run into the same issue again. I tried
to modify the base.def but there is NO such parameter in the base.def.
Keeping sessions alive for a day is a good way to fill your connections
table. But I guess you will not have that many Oracle connections.
I have seen several issues where traffic is idle in applications. Mostly
telnet and Oracle. I have tried to increase the timers on Check Point
but it still is not working in all cases.
Adjusting the OS of the Oracle server to send TCP keep-alives after 900
secons however works like a charm everytime. I suggest you work on that
side to keep sessions alive.
(Linux will only send keep-alive packets after 7200 seconds. But you can
change it so easily it takes longer to describe then to execute.)
Hugo.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
