Okay, so the GUI client timeout fix still does not seem to work. However, we were able to resolve the timeout issue.
In the interest of science, here's what we did:
The problem turned out to be the very large number (>100) of saved rulebases. Since the management server apparently opens and closes all of them with each GUI connection (regardless of which ones you're working on; see $FWDIR/log/cpmgmt.aud on your favorite local management server), it was taking too long to load all of them and present the GUI, resulting in strange timeout and rulebase-saving issues. The fix was "simply" to move all the unneeded rulebases out of the $FWDIR/conf directory, delete rulebases.fws, stop fwm, run fwm -g *.W to regenerate the rulebases.fws, and restart fwm.
The moral of the story appears to be:
Keep your saved policies to a minimum.
Dan Hitchcock
CCNA, CCSE, MCSE
Security Analyst
Breakwater Security Associates
206.770.0700 x147
dhitchcock (at) breakwatersecurity (dot) com
http://www.breakwatersecurity.com
The registry setting listed on Phoneboy (http://www.phoneboy.com/faq/0206.html) regarding how to change the GUI client timeout in 4.1 is not working for me. The errors persist (Cannot connect to server, sequence or subject mismatch), and the GUI errors out just as quickly regardless of what setting I make in the registry. Does anyone have this working? We've got a suffering client who needs to increase this timeout value.
TIA -
Dan Hitchcock
CCNA, CCSE, MCSE
Security Analyst
Breakwater Security Associates
206.770.0700 x147
dhitchcock (at) breakwatersecurity (dot) com
http://www.breakwatersecurity.com
