Re: [FW-1] Timeout in Checkpoint Firewall NG?

Subject:	Re: [FW-1] Timeout in Checkpoint Firewall NG?
From:	Jim Johnson <jimpublic AT FRHS DOT ORG>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Tue, 10 Apr 2007 09:38:27 -0500

This workaround (modifying the session timeout) does work, as we've had to
use it.  We did get CP to write a patch for R61 which fixed this issue for
us (i.e. no need to modify session timeout).  I'm hoping that it's fixed in
R65, but I'm holding off on that upgrade for a while.

> -----Original Message-----
> From: Mailing list for discussion of Firewall-1 
> [mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf 
> Of Paul Hanson
> Sent: Tuesday, April 10, 2007 8:57 AM
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: Re: [FW-1] Timeout in Checkpoint Firewall NG?
> 
> Open Dashboard
> 
> 1. Select Manage > Services 
> 2. In the Services dialog box, select the TCP service for 
> which the session
> timeout value will be modified 
> 3. Click on Edit 
> 4. In the TCP Service Properties dialog box, click on Advanced 
> 5. In the Advanced TCP Service Properties dialog box, select 
> the Other radio
> button in the Session Timeout section 
> 6. In the Other field, delete the current session timeout 
> value and enter
> the desired session timeout value in seconds 
> 7. Click on OK in the Advanced TCP Service Properties dialog box 
> 8. Click on OK in the TCP Service Properties dialog box 
> 9. Click on Close in the Services dialog box 
> 10. Install the security policy from the Policy Editor to 
> enable the new
> session timeout  
> 
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Eric
> Brouwer (Corporate DET)
> Sent: Tuesday, April 10, 2007 8:49 AM
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: [FW-1] Timeout in Checkpoint Firewall NG?
> 
> Good morning,
> 
> I'm having a strange problem with my video conference setup 
> and I think I've
> tracked it back to my firewall.  Is there any kind of setting 
> that would
> cause the firewall to close an idle connection?  If so, where 
> can I find it,
> and can it be changed?  I am running FW NG on a Nokia box.
> 
> Here's why I think this is the issue:
> 1) My video bridge initiates communication with my video 
> units on port 1720
> to establish a connection.
> 2) Once a connection is made, video and audio use ports in 
> the 3500 range.
> 3) Every 2 hours, the entire call goes down, and it looks to 
> have terminated
> normally.
> 4) During the call, no traffic uses 1720 anymore.  It is only 
> used at the
> end of the call, to terminate the connection.  I think the firewall is
> closing that connection prematurely.  The video vendor said 
> if this tunnel
> is closed, the video units would think the call ended, and close their
> connections.
> 
> Hopefully, I can change this setting.
> 
> Thanks,
> 
> Eric
> 
> =================================================
> To set vacation, Out-Of-Office, or away messages, send an email to
> LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your subscription 
> options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
> 
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
> 

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
[FW-1] VoIP Hofix anyone?, Millan, Raul [FW-1] Timeout in Checkpoint Firewall NG?, Eric Brouwer (Corporate DET) Re: [FW-1] Timeout in Checkpoint Firewall NG?, Paul Hanson Re: [FW-1] Timeout in Checkpoint Firewall NG?, Jim Johnson <=

Previous by Date:	Re: [FW-1] Timeout in Checkpoint Firewall NG?, Paul Hanson
Next by Date:	Re: [FW-1] Previous licenses are 'missing' from UserCenter., Hugo van der Kooij
Previous by Thread:	Re: [FW-1] Timeout in Checkpoint Firewall NG?, Paul Hanson
Next by Thread:	[FW-1] DNS resolution issues with Secure Client, Sergio Alvarez
Indexes:	[Date] [Thread] [Top] [All Lists]