Barry,
Figuring that CP is in the security related field,
it's probably for security reasons. Why should
a connection be left open, if nothing is going on?
Robert
>>> "Barry W. Kokotailo" <[EMAIL PROTECTED]> 8/17/00 1:33:41 PM >>>
>Well that is a good point. According to my working on the problem, there
>is a parameter called tcp keepalive. Unfortunately it has to be built within the
>client application. Noticed some threads about it, and Microsoft has some
>definitions in its Knowledge Base.
>
>The thing that is interesting is why Checkpoint limits the tcp idle time to 7200
>seconds.
>Any suggestions from the group?
>
>merlin
>
>Robert MacDonald wrote:
>
>> This seems awful expensive. Why spend big
>> $$(again) for a problem that can be fixed by
>> having the programmers fix the programs that
>> are running. Anything from a simple NOHUP
>> to actually spending 15 minutes to correct
>> the program to send all output to a file, email
>> or printer for analysis.
>>
>> Heck, why not just cron a ping or something.
>>
>> Robert
>>
>> - -
>> Robert P. MacDonald, Network Engineer
>> e-Business Infrastructure
>> G o r d o n F o o d S e r v i c e
>> Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>>
>> >>> "Barry W. Kokotailo" <[EMAIL PROTECTED]> 8/16/00 7:27:46 PM >>>
>> >I have come across this same situation. As far as my experience, research, and
>> >asking of this group
>> >is concerned, the answer is "no".
>> >
>> >My suggestion would be to look into Nortel Extranet Contivity Switch products.
>> >Features:
>> >
>> >IPsec
>> >PPTP
>> >Time outs of 23 hours 59 minutes.
>> >Ability of users to change their own passphrases.
>> >Password aging.
>> >Authentication:
>> > User base
>> > Using pass phrases of at least 16 chars.
>> > Radius
>> > Entrust Certificates
>> > Ldap
>> >
>> >Secure Remote as a product is a nice freebie from Checkpoint, but it has some
>> >severe limitations, one of them
>> >being this tcp time out issue.
>> >
>> >Hope this helps.
>> >
>> >merlin
>> >
>> >Doug Schmidt wrote:
>> >
>> >> Hi,
>> >> I have called CP Support and also searched the Phonyboy FAQ's, but nothing.
>> >> CP Support told me to increase the TCP Session Timeout. Which has a max
>> >> setting of 6500 seconds ( ~2 hours) which is not long enough for our needs.
>> >>
>> >> We have our user LAN behind the FW. Some of our developers on this LAN, need
>> >> to have telnet/ssh connections
>> >> to some servers (outside the FW), While these connections are open, they run
>> >> some jobs, which can last anywhere
>> >> from minutes to many hours. In the case of a job lasting say 4-5 hours, this
>> >> would not be long enough, since the FW
>> >> will drop the TCP Session when it is not active.
>> >>
>> >> Is/are there any workarounds/fixes to this problem? Any advice would be
>> >> great.
>> >>
>> >> Firewall Version 4.1 Build 41489 running on Slowaris 2.7
>> >>
>> >> ~D
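
The TCP keepalive approach mentioned in the thread, as an added example that is not part of any of the original messages: a client picks keepalive timers that fit inside the firewall's idle timeout and enables them on its socket. The function names, the 0.5 margin and the probe count and interval are assumptions; 7200 seconds is the figure quoted in the thread, and the per-socket timer options use the Linux names.

```python
import socket


def keepalive_plan(fw_idle_timeout_s, margin=0.5, probes=5, probe_interval_s=30):
    """Choose keepalive timers that fit inside a firewall's idle timeout.

    The defaults are assumptions for illustration, not vendor guidance.
    """
    idle = int(fw_idle_timeout_s * margin)
    # Conservative bound: the moment the OS would give up on the peer must
    # still fall before the firewall expires its session entry, so a few
    # lost probes do not let the entry time out.
    give_up_at = idle + probes * probe_interval_s
    if idle < 1 or give_up_at >= fw_idle_timeout_s:
        raise ValueError("keepalive schedule does not fit inside the idle timeout")
    return {"idle": idle, "interval": probe_interval_s, "probes": probes}


def apply_keepalive(sock, plan):
    """Enable keepalive on a TCP socket and return the values the OS reports."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    applied = {"SO_KEEPALIVE": sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE)}
    # Per-socket timers (Linux option names). Without them the OS-wide default
    # idle time applies, which is commonly two hours and so too late to keep a
    # session with a two-hour firewall timeout alive.
    for name, key in (("TCP_KEEPIDLE", "idle"),
                      ("TCP_KEEPINTVL", "interval"),
                      ("TCP_KEEPCNT", "probes")):
        opt = getattr(socket, name, None)
        if opt is not None:
            sock.setsockopt(socket.IPPROTO_TCP, opt, plan[key])
            applied[name] = sock.getsockopt(socket.IPPROTO_TCP, opt)
    return applied


if __name__ == "__main__":
    FW_IDLE_TIMEOUT_S = 7200  # idle limit quoted in the thread
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        print(apply_keepalive(s, keepalive_plan(FW_IDLE_TIMEOUT_S)))
```

Keepalive probes carry no application data; they only generate traffic on the connection so the firewall does not see it as idle.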