[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] TCP_TIMEOUT, perhaps?

To: fw-1-mailinglist@lists.us.checkpoint.com
Subject: [FW1] TCP_TIMEOUT, perhaps?
From: Sashka T. Davis <std@jax.org>
Date: Wed, 1 Sep 1999 09:37:19 -0400 (EDT)



HI!

Sorry if this has been discussed before.

I have default-deny security policy installed on the firewalled
host (Ultra 1, Solaris 2.6, FW-1, v.4, SP2).
Here is my problem:
I have default deny security policy installed and my internal users
have unrestricted accesses to outside services. My users occasionally
have their http or ftp transfers hanging at 99% and never finish.
The firewall doesn't recognize the packets that belong to already
approved and established outbound sessions so it rejects them.
The denials in the fwlog are registered as
in-bound requests, the service name usually is a large number,
the protocol is TCP, and the port number is usually
http or ftp, or smpt. Usually happens to transfers that take more
than 5 minutes.  So I though that TCP timeout might
be at fault and I increased the timeout to 1000 minutes. This didn't
change anything. I still have the problem.


Any clues?

TIA,
Sashka





================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] SNMP on NT
Next by Date: Re: [FW1] Looking for answers!
Prev by thread: [FW1] SNMP on NT
Next by thread: Re: [FW1] TCP_TIMEOUT, perhaps?
Index(es):
- Date
- Thread