Firewall-1
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [FW-1] NGX and IPv6

from Peter Pramberger [Permanent Link]
Subject: Re: [FW-1] NGX and IPv6
From: Peter Pramberger <peter.pramberger AT 1012SURF DOT NET>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Sun, 15 Jan 2006 18:00:43 +0100 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've set it to 7200s.

Where can I find the docs (haven't found anything in SK)?


Regards,
Peter


Rajeev Gupta schrieb:

> I have some documentation from Check Point IPv6 and shall explore if
> this is reported as a bug and let you know. However, this does seem
> like a bug in case you have verified in the
> smartdashboard>Policy>Global Properties>Stateful Inspection>Default
> Session Timeout is set to 3600secs?
> 
> Rajeev
> 
> 
> On 1/15/06, Peter Pramberger <peter.pramberger AT 1012surf DOT net> wrote:
> 
> Hi all!
> 
> I'm currently working on a test installation of NGX (HFA01) to test its IPv6
> capabilities and found some issues.
> 
> It took me some time to find how to allow ICMP-Requests, but now ping is
> working without problems.
> 
> However, for TCP, it was neccessary to disable the TCP Sequence Verifier in
> SmartDefense, otherwise it wasn't possible to build any TCP connection (error
> in log was "Bad TCP sequence/Invalid ACK number").
> 
> Ok, so TCP is now working, but here is the next problem. Every SSH session
> times out after a very short period without any data being sent. Looking at
> the state table ("fw6 tab -t connections -f") shows, that the session timeout
> for _any_ TCP service is only the TCP start timeout (25s), even after full
> connection establishment (and initial data transfer). Way too short for any
> keepalives.
> 
> I found no way to increase the session timeout for TCP connections, even tried
> to explicitly set the value per service. Maybe a bug?
> 
> Has anyone else seen this behaviour? Is there a special document regarding NGX
> and IPv6?
> 
> 
> Regards,
> Peter

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1-nr1 (Windows XP)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFDyn+7cKsx5K5ighwRAtMFAJ9tPtIzgiMODxLBlEy7ODB37daP6QCfQ/fi
66zzoej9GAlCkTTeT8B8/nI=
=+YJi
-----END PGP SIGNATURE-----

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [FW-1] Merging rule bases, Dirk Udo
Next by Date:  [FW-1] Gurus in this list. Please help, cisco4ng
Previous by Thread:  Re: [FW-1] NGX and IPv6, Rajeev Gupta
Next by Thread:  [FW-1] Merging rule bases, Dirk Udo
Indexes:  [Date] [Thread] [Top] [All Lists]