David,
there's an ARP config statement for PIX which defaults to:
arp timeout 14400
It does mean 14400 secons or 4 hours. Fortunately, you can change the
timeout to lower value, for example
arp timeout 300
to force PIX to forget MAC entries after 5 minutes.
What key TCP/IP function the PIX doesn't implement? If you use this box as
it is designed for, you shouldn't have any problems except of the complexity
of configuration of large rulebases and the lack of management features.
Kindly regards
Norbert Schaar
Firewall Team - Network Security Services
Dresdner Global IT Services - DreGIS
Dresdner Bank AG
-----Original Message-----
From: David Lang [mailto:[EMAIL PROTECTED]]
Sent: Dienstag, 19. Januar 1999 20:40
To: rich
Cc: [EMAIL PROTECTED]
Subject: Re: Resonate and Pix
-----BEGIN PGP SIGNED MESSAGE-----
I was just speaking with Resonate last friday as they were going over my
network looking for problems. They were pleased to find that the PIX I
have was not going to be in frount of the boxes using Central Dispatch.
According to them the PIX does not implement some key TCP/IP functions
needed to make things work. Apparently the CISCO Local directer used to
have the same problem until some large CISCO customer complained enough. I
believe it has to do with the PIX not accepting gratuitus ARP packets (I
know I have had problems with te PIX and it's s l o w arp refresh when I
have changed NICs in machines).
David Lang
"If users are made to understand that the system administrator's job is to
make computers run, and not to make them happy, they can, in fact, be made
happy most of the time. If users are allowed to believe that the system
administrator's job is to make them happy, they can, in fact, never be made
happy."
- -Paul Evans (as quoted by Barb Dijker in "Managing Support Staff", LISA
'97)
On Tue, 19 Jan 1999, rich wrote:
> Date: Tue, 19 Jan 1999 12:16:21 -0500
> From: rich <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Resonate and Pix
>
> Just curious if anyone has worked with or found workarounds for the
> problems encountered with Resonate software BEHIND a pix firewall.
>
> thanks,
> r
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQEVAwUBNqTfiz7msCGEppcbAQEMUwgAmALwMxwv15gA8tXJlvVSHNuyns1KwJLp
30YLrZ4GaJG1BvmtKB5yZ7fm4/K5d6f/932ZTEscQoYJukVWV9fF88eLW0khaoU6
3Mf/gBwqbwuzQLpeI81kukmgeZH/KA5yEzwGpKZbePSpKeC9GuUlPI/H6NR+uxHf
8eBAl68oNYtGOrx0YqtxKYH9K3nuo3j+gYVX04jvZzGsvu92ciW3qGXN9tJtg+0M
X628vbZ6m5XS1Pps1d0bkxOaCxuoStNTv1sC0Be/4qdIDtQnHb6TPgE5linX7km7
QEJL6OyqqnFW5OQkXlYD0qie8kcISHjV6HDGhjexovEKBsqbFkhpLQ==
=KL99
-----END PGP SIGNATURE-----
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
