I have an NG-FP1 Management Server that controls a mixture of
NG-FP1 and 41-SP6 Enforcement Modules at remote locations.
Just recently, a user behind one of my 41-SP6 Enforcement Modules
attempted to access (HTTP) a Web Server behind an NG-FP3 Firewall
within a separate organization, and was stopped by their Smart Defense
system - reason given was "Small PMTU" attack.
This sounds like a "false positive" to me, but I'm curious to know if
anyone else has encountered this issue, and/or what anyone might suggest
I do as a workaround.
ps. I should mention that I have ":ipsec_dont_fragment (false)" set in
my NG-FP1 Management Server's $FWDIR/conf/objects_5_0.C file for
each of my remote Enforcement Modules.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
