Hi all,

I am trying to diagnose a problem that *may* be related to our pf based firewall. About the time we implemented our new firewall people started to report problems with our Cisco based VPN where connections are dropped more or less randomly (often after more than an hour's connection). I have reviewed all the settings of the firewall that I believe to be relevant and checked the pf.log file to make certain that packets to/from the VPN concentrator are not being dropped.

While looking for possible things to tweak that might affect connections I found the 'set limit src-nodes' in the pf.conf man pages. Am I right in assuming that since I don't use any tag rules I can safely ignore this option? The fw host machine is very lightly loaded (CPU in the order of 1%) and there is plenty of room in the state table (set at 50,000 -- I have never seen it over 35,000).

Any other suggestions of things that I could/should check?

Thanks, Russell.

-- 
Russell Fulton                  /~\  The ASCII
Network Security Officer        \ /  Ribbon Campaign
The University of Auckland       X   Against HTML
New Zealand                     / \  Email!