RE: [FW1] tcp session timeout

Frost, Timothy E Thu, 25 Jan 2001 14:16:43 -0800

This won't work for Net8, because Net8 opens secondary ports.

Any protocol which opens secondary ports will have the same problem, because
those secondary ports can't be permanently recorded in the timeout table.

-- 
Timothy Frost                   mailto:[EMAIL PROTECTED]
EDS New Zealand                 Fax: +64-4-495-0473
8 Gilmer Terrace                Phone: +64-4-495-0504
P O Box 3647
Wellington
New Zealand


-----Original Message-----
From: Joe Matusiewicz [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 26, 2001 5:03 AM
To: Johan Strom; Quentin Antrim;
[EMAIL PROTECTED]
Subject: Re: [FW1] tcp session timeout




I'm having a similar problem with users who are using SecuRemote 
complaining that their sqlnet2 sessions are timing out prematurely even 
though I have the SecuRemote timeout set to two hours.  Does anyone know if 
the following fix may solve this problem?


-- Joe


At 05:21 AM 1/25/01, Johan Strom wrote:

>Hi Quentin.
>
>We had the same problem and the session drop after 1 hour. Yes the policy
>properteries has an entry tcp sesion timeout 3600 sec.
>What we did was a change in the init.def file as follows:
>
>#define ADD_TCP_TIMEOUT(port,to) (record <port;to> in tcp_timeouts)
>
>(
>         <0> in tcp_timeouts
>) or (
>         ADD_TCP_TIMEOUT(21,FTP_CONTROL_TIMEOUT),
>         ADD_TCP_TIMEOUT(1521,28800),   **** add this line and the timeout
>will be 8 hours instead
>         ADD_TCP_TIMEOUT(0,0)
>);
>
>
>#endif /* __init_def__ */
>
>The init.def file is located in $FWDIR/lib/
>
>This is the only way to change the tcp timeout for a specific port.
>
>I hope this help.
>
>Regards
>
>Johan
>----- Original Message -----
>From: "Quentin Antrim" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Wednesday, January 24, 2001 10:59 PM
>Subject: [FW1] tcp session timeout
>
>
> >
> > I've got a problem with what I think is a TCP session timeout between
two
>servers on either side of a Checkpoint Firewall.  Here's the scenario:
> > Checkpoint FW-1 SP3.  Web server on one side of the firewall, an oracle
>database on the other side using Net8.  Have a rule allowing the web 
>server to contact the oracle server via sqlnet2 service.



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
RE: [FW1] tcp session timeout

Reply via email to
