session, I would consider this for the specific service/advanced props rather than global, if you click on the help within the gui windows you will see detailed info on these settings
________________________________ From: "Verweyen, Dirk" <[email protected]> To: [email protected] Sent: Thu, April 22, 2010 9:13:26 AM Subject: [FW-1] AW: [FW-1] AW: [FW-1] Again: TCP packet out of state: First packet isn't SYN Which value you mean exactly? The session timeout is already on 3600 sec by default. TCP Start has an value of 25 on end a timeout value from 20 sec. -----Ursprüngliche Nachricht----- Von: Mailing list for discussion of Firewall-1 [mailto:[email protected]] Im Auftrag von Gary Scott Gesendet: Donnerstag, 22. April 2010 14:57 An: [email protected] Betreff: Re: [FW-1] AW: [FW-1] Again: TCP packet out of state: First packet isn't SYN Although I agree with Hugo, you can increase your TCP timeout globally or for a specific service under its advanced options. Keep in mind this could have an adverse effect by keeping idle connections longer in your connections table and could potentially cause you to max out your global connections limit. -GS ________________________________ From: "Verweyen, Dirk" <[email protected]> To: [email protected] Sent: Thu, April 22, 2010 8:06:03 AM Subject: [FW-1] AW: [FW-1] Again: TCP packet out of state: First packet isn't SYN Hi Huga, thanks for your reply. I look at the server and there is no entry in the registry. That means, that the servers uses the default value of 2 hours. Is there another solution for this kind of problems? Greetings, Dirk -----Ursprüngliche Nachricht----- Von: Mailing list for discussion of Firewall-1 [mailto:[email protected]] Im Auftrag von hvdkooij Gesendet: Dienstag, 20. April 2010 11:32 An: [email protected] Betreff: Re: [FW-1] Again: TCP packet out of state: First packet isn't SYN On Tue, 20 Apr 2010 09:47:13 +0200, "Verweyen, Dirk" <[email protected]> wrote: > we have upgraded to a R70-Gateway running on SmartPlatform. > With this Gateway we are building a VPN to an UTM1-Edge. > > Between this VPN we have a problem, that our ERP-Client (Baan) > is losing his connection to his server. > > We have in both directions " TCP packet out of state: First packet isn't > SYN > tcp_flags: ACK" -- Errors. Sounds like inactive sessions. In those instances I always recommend to fix the servers and set their TCP Keep-Alive to 900 seconds. Hugo. -- JA, ik ben zo gek als een deur | NEE, dat komt nooit meer goed Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= IƧ�ç[È(^rCèŠ{S¢Ö¥Iç.®+r«^Ã�¬ÿ ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= IƧ�ç[È(^rCèŠ{S¢Ö¥Iç.®+r«^Á¬ÿ ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
