This is probably due to the fact that Checkpoint has tightened the
methods by which the kernel handles connections that have been idle for
some time.  There is a default timeout value, 60 seconds if memory
serves me right, in that if the fw kernel does not receive any
communication it wipes the connection from its state table.  Thus when
the server once again tries to contact using its original connection CP
drops it because it's wiped the connection from its state table so no
longer knows about it.  There are two methods to fix this. One is to
revert back to old behavior by modifying table.def on the firewall (not
recommended, address spoofing security risk) or to modify the server so
that it sends keep alive packets to the machine it's communicating with.
In this manner the fw kernel sees constant traffic and does not tear
down the connection.




Juan Concepcion
Network Security Engineer
CCSA CCSE
[EMAIL PROTECTED]
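
The keep-alive approach suggested in the reply above, sketched as an added example that is not part of the original thread or of any Check Point or GroupWise code. It assumes TCP-level keepalive on the server's socket, takes the firewall idle timeout as a parameter (60 is only the figure the reply recalls from memory), and uses the Linux socket option names.

```python
import socket

def keepalive_plan(fw_idle_timeout_s, probes=3):
    """Pick keepalive timers so every probe is sent before the firewall's
    idle timer (fw_idle_timeout_s, an assumed input) can expire."""
    if fw_idle_timeout_s < 8:
        raise ValueError("idle timeout too short to keep alive reliably")
    idle = fw_idle_timeout_s // 2                          # first probe at half the timeout
    interval = (fw_idle_timeout_s - idle) // (probes + 1)  # retries fit in the remainder
    return {"idle": idle, "interval": interval, "probes": probes}

# Linux option names; where a name is missing it is skipped and the
# system-wide keepalive defaults stay in force for that timer.
_TIMER_OPTS = (("TCP_KEEPIDLE", "idle"),
               ("TCP_KEEPINTVL", "interval"),
               ("TCP_KEEPCNT", "probes"))

def enable_keepalive(sock, fw_idle_timeout_s):
    """Turn keepalive on for one socket and return the values read back."""
    plan = keepalive_plan(fw_idle_timeout_s)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    applied = {}
    for name, key in _TIMER_OPTS:
        opt = getattr(socket, name, None)
        if opt is not None:
            sock.setsockopt(socket.IPPROTO_TCP, opt, plan[key])
            applied[key] = sock.getsockopt(socket.IPPROTO_TCP, opt)
    applied["enabled"] = sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE) != 0
    return applied

def check_unconnected_socket(fw_idle_timeout_s=60):
    """Apply the settings to a throwaway, unconnected socket (no traffic sent)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        return enable_keepalive(s, fw_idle_timeout_s)

if __name__ == "__main__":
    print(keepalive_plan(60))
    print(check_unconnected_socket(60))
```

With the timers sized this way the longest silent gap on a healthy connection is half the firewall's idle timeout, and all retry probes go out before the timeout is reached.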


Date: Fri, 14 Sep 2001 20:46:40 -0700 (PDT)
From: "FW.admin in Training" <[EMAIL PROTECTED]>
Subject: [FW1] SMTP issues with v4.1 SP4 & SP5
To: [EMAIL PROTECTED]



Hopefully someone has seen this issue and has an idea
or two.

We have been running FW-1 ver 4.1 SP2 for too long. 
We decided to upgrade the IP650's to ver 4.1 SP4. 
After the boot manager was up'd, and IPSO from 3.2.1
to 3.4, I loaded SP4.  Reloaded the backup config,
re-edited the conf files Checkpoint overwrote and all
seemed to work.

Then the calls came in....  TCP/IP connections seemed
to drop on rule 0.  SMTP traffic into a 3rd party SMTP
scanner timed out on rule 0 after exactly 5 minutes
when passed on to our GroupWise PO gateway.

The GroupWise server would complain about wrong
sequence, recipient first or something to that effect.
 Then after 10 - 15 minutes it would go down.

I disabled the FLOWs option, disabled the SYN
defender, redid putkeys, validated routes, NAT, rules,
timeout settings, registry hacks ( NT management ) ---
 all to no avail.

I did not have the SMTP engine running in the
firewall, as far as I could tell anyway.

The only remedy was to revert back to IPSO 3.2.1 and
ver 4.1 SP2 !

T.I.A.

