Hello,

It looks like a connection timeout. Check the TCP Session Timeout - the time
period after which a TCP session will be considered to have timed out. For a
detailed description of this parameter, see "Established TCP Connections" on
page 322 in FireWall-1 Architecture and Administration.

Best regards,

Thierry De Leeuw

corne wrote:

> it's not just ssh, also telnet, oracle, etc.
>
> cheers
> corne
>
> > I have a situation where ssh connections from inside the fw die some
> > arbitrary time after they were started.
> >
> > Doing a sniff on the network (both sides of the fw) reveals the following:
> > packets happily flow from the client to the server. At some stage the
> > client sends another packet, at which point the server doesn't respond.
> > This is the stage where the ssh connection is now dead. The client now
> > sends a bunch of retransmits, thinking that the session is still up.
> >
> > After the session drops, I see dropped packets in the fw log, with the
> > error "unknown established tcp packet". This would indicate that the fw
> > no longer has an entry in its state table for that connection.
> >
> > But why would the connection disappear from the table? From a network
> > sniff, there is no indication that a reset or fin is sent, or anything
> > like that. It seems as if the fw is arbitrarily removing that connection.
> >
> > Any ideas?
> >
> > Regards
> > Corne van Dyk
> > Dimension Data: Network security engineer
> > Tel: +27 21 659 2540
> > Fax: +27 21 659 2101
> > Helpdesk: +27 21 659 2112
> >
> >
> >
> > ==============================================================
> > ==================
> >      To unsubscribe from this mailing list, please see the
> > instructions at
> >                http://www.checkpoint.com/services/mailing.html
> > ==============================================================
> > ==================
>



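The idle-timeout explanation in this thread can be checked against a capture. The following is an added example, not part of the original messages or of FireWall-1: it replays packet timestamps through a simple model of a stateful table and reports connections whose idle gap exceeded the timeout. The timeout value, addresses, ports and packet list are constructed assumptions, and the model does not look at TCP flags.

```python
# Assumed idle timeout in seconds; the thread does not state the configured value.
TCP_SESSION_TIMEOUT = 3600

# Constructed sample capture: (seconds, src, sport, dst, dport).
PACKETS = [
    # ssh session: short exchange, long silence, then client data and retransmits
    (0, "10.0.0.5", 40122, "192.0.2.10", 22),
    (1, "192.0.2.10", 22, "10.0.0.5", 40122),
    (2, "10.0.0.5", 40122, "192.0.2.10", 22),
    (4000, "10.0.0.5", 40122, "192.0.2.10", 22),
    (4001, "10.0.0.5", 40122, "192.0.2.10", 22),
    (4003, "10.0.0.5", 40122, "192.0.2.10", 22),
    (4007, "10.0.0.5", 40122, "192.0.2.10", 22),
] + [
    # telnet session with traffic every 10 minutes: never idle long enough
    (t, "10.0.0.6", 40200, "192.0.2.11", 23) for t in range(0, 4201, 600)
]


def conn_key(src, sport, dst, dport):
    """Direction-independent key: traffic either way refreshes the same entry."""
    a, b = (src, sport), (dst, dport)
    return (a, b) if a <= b else (b, a)


def find_aged_out(packets, timeout):
    """Return {key: {idle, first_drop, dropped}} for connections whose state
    entry would have expired before the next packet arrived."""
    last_seen, dead = {}, {}
    for ts, src, sport, dst, dport in sorted(packets):
        key = conn_key(src, sport, dst, dport)
        if key in dead:
            # Entry already gone: retransmits are dropped and do not re-create it.
            dead[key]["dropped"] += 1
        elif key in last_seen and ts - last_seen[key] > timeout:
            dead[key] = {"idle": ts - last_seen[key], "first_drop": ts, "dropped": 1}
        else:
            last_seen[key] = ts
    return dead


if __name__ == "__main__":
    for key, info in find_aged_out(PACKETS, TCP_SESSION_TIMEOUT).items():
        print(key, info)
```

If the idle gap before the first dropped packet is consistently just above the configured timeout, the state entry aged out rather than being removed arbitrarily.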