Re: [FW-1] message: Virtual defragmentation error: Timeout

Subject:	Re: [FW-1] message: Virtual defragmentation error: Timeout
From:	Rajeev Gupta <rgup14 AT GMAIL DOT COM>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Mon, 15 May 2006 02:32:46 -0400

Thanks for the update, Werner. But what is to be done before the next
release? ingnore?

Rajeev

On 5/15/06, Brockhoven, Werner <Werner.Brockhoven AT hp DOT com> wrote:

Hi,

I was just informed by Nokia that there is a known issue in IPSO 3.9
B045 and should be fixed in the next release.

Werner

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Rajeev
Gupta
Sent: Friday, May 12, 2006 15:09
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] message: Virtual defragmentation error: Timeout

You may like to tweak fwfrag_limit and fwfrag_timeout parameters -
specifically in the context of your error message, increasing
fwfrag_timeout may help a bit - these are firewall's defragmentation
parameters. However, if small tweaks do not help, the best ultimate
solution is what you have already indicated: decreasing the mtu on the
CCTV site.

hth,

Rajeev

On 5/11/06, Matt Rose <bsod1 AT yahoo DOT com> wrote:
> Hi,
>
> We are trying to access a CCTV website.
>
> Return traffic is getting dropped with Information:
>
> message: Virtual defragmentation error: Timeout
> ip_id: 60365
> ip_len: 0
> ip_offset: 0
> fragments_dropped: 5
> during_sec: 60
>
> I understand these drops are a feature of how Checkpoint handles
fragmented packets.
>
> I have searched SecureKnowledge & Google and can not see how to
configure Checkpoint to allow this, I would guess Global Properties,
Stateful Inspection, Other IP protocols virtual session timeout???
>
> This is happening on Nokia & Alteon firewalls with different versions
of IPSO and Checkpoint on in a Provider1 environment.
>
> Would reducing the MTU size setting on the web server hosting the CCTV
website sort this?
>
> TIA,
> Matt.
>
>
>
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================


=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
[FW-1] message: Virtual defragmentation error: Timeout, Matt Rose Re: [FW-1] message: Virtual defragmentation error: Timeout, Brockhoven, Werner Re: [FW-1] message: Virtual defragmentation error: Timeout, Christian Chiaverini Re: [FW-1] message: Virtual defragmentation error: Timeout, Rajeev Gupta Re: [FW-1] message: Virtual defragmentation error: Timeout, Brockhoven, Werner Re: [FW-1] message: Virtual defragmentation error: Timeout, Rajeev Gupta <= Re: [FW-1] message: Virtual defragmentation error: Timeout, Brockhoven, Werner Re: [FW-1] message: Virtual defragmentation error: Timeout, Reinoud Koornstra Re: [FW-1] message: Virtual defragmentation error: Timeout, David Gillett

Previous by Date:	Re: [FW-1] Windows Mobile 5.0 and Secureclient, Mark Williams
Next by Date:	[FW-1] About VPN-1 Edge: limite rules?, carlopmart
Previous by Thread:	Re: [FW-1] message: Virtual defragmentation error: Timeout, Brockhoven, Werner
Next by Thread:	Re: [FW-1] message: Virtual defragmentation error: Timeout, Brockhoven, Werner
Indexes:	[Date] [Thread] [Top] [All Lists]