I am by no mean san expert when it comes to FW1 but I think it could be the
connection is being dropped from the state tables. My guess would be that you
might be able to look at the log viewer and see if the outside machines
connections are being dropped, if they are I would def.. look at the state
tables. As for pushing up the timeout on the tables I am pretty sure there is a
way and off the top of my head I can't think of it. Hope this helps (hopefully I
am not completely wrong =).
daniel
Andrew McDonald wrote:
> Hi Folks, I was hoping that there would be someone in the group that could
> help me in verifying (shooting it full of holes is OK too...) a theory I
> have in relation to a particular problem.
>
> I have a Client to LAN VPN (Formerly the Altiga client/concentrator)
> application running through a Checkpoint firewall - The connection is
> established and the user is able to do their work - all is good. BUT, when
> the customer goes out for coffee and comes back the connection to the server
> is lost. The tunnel however is still however stays up. I can verify this via
> the concentrators UI. Bringing down and re-establishing the tunnel brings
> back full functionality.
>
> The connection is being PAT'd. We've configured IPSec over UPD. Connections
> through a PIX to the same server are working.
>
> So, I'm thinking idle timer. I've found references to TCP-TIMEOUT at
> phoneboy but not UDP.
>
> Two questions; Can you configure idle timers for UPD ports? Is there a way
> to determine if specific UPD mappings are being dropped?
>
> Thank you,
>
> Andy McDonald
>
> P.S. I have no user docs, contacts at checkpoint and have poked around on
> the web - I know how you guys don't like people who haven't done their home
> work... :-)
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
