Hi Hugo. We had exactly that problem when we first deployed CheckPoint R60 in our infrastructure. Actually, it get solved as soon as we adjusted keep-alive values in both FW1 and Oracle. We have checked that keep-alive times have not changed neather in Oracle nor in the firewalls.
It seems the problem is being caused by the upgrading proccess. Thanks El mié, 21-01-2009 a las 07:47 +0100, Hugo van der Kooij escribió: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Cardwell, David (Kansas City) wrote: > > I would check the connections table of each vap member. If they are > > relatively close then sync is > > working. If they are not close, then it could be the syn goes through one > > member and the syn/ack or > > ack goes through another. (not likely the case). > > > > My recommendation is to run an fw monitor on the destination and look at > > the traffic. If it is over 1 > > hour that the connection is opened and the out-of-state you may need to > > bump up the service timeout. > > If you have secureXL on run a tcpdump on the ingress and egress interface > > of the circuits involved. > > I would recommend to adjust th e tcp keep-alive value on the Orcale > server first. It can be done on the fly and if you set it to 90 seconds > you should keep the connection alive with a packet every 15 minutes. > > I have seen issues with Oracle before that have always been resolved in > this manner. > > Hugo. > > - -- > [email protected] http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > Nid wyf yn y swyddfa ar hyn o bryd. Anfonwch unrhyw waith i'w gyfieithu. > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org > > iEYEARECAAYFAkl2xRwACgkQBvzDRVjxmYGkBwCgmpVnOS04b/UUwvV6BNGQ5PzV > ypIAoI8v6JfZCWIOCy0Hbdg5QL29tB7l > =yiDg > -----END PGP SIGNATURE----- > > Scanned by Check Point Total Security Gateway. > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= > Scanned by Check Point Total Security Gateway. Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
