UDP timeout is set via menu options Policy, Properties, Security Policy tab.
I'm not using VPN and am not sure this is relevant, but there is a timeout
for address translation table entries completely separate from the TCP/UDP
connection table timeouts. It is unconfigurable on NT according to our tech
support contact, which causes us no end of trouble. Either we assign real
addresses to folks needing to maintain sessions all day or they have to
reconnect every time they take a break.
-----Original Message-----
From: Andrew McDonald [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 06, 2000 8:15 AM
To: [EMAIL PROTECTED]
Subject: Checkpoint help...
Hi Folks, I was hoping that there would be someone in the group that could
help me in verifying (shooting it full of holes is OK too...) a theory I
have in relation to a particular problem.
I have a Client to LAN VPN (Formerly the Altiga client/concentrator)
application running through a Checkpoint firewall - The connection is
established and the user is able to do their work - all is good. BUT, when
the customer goes out for coffee and comes back the connection to the server
is lost. The tunnel however is still however stays up. I can verify this via
the concentrators UI. Bringing down and re-establishing the tunnel brings
back full functionality.
The connection is being PAT'd. We've configured IPSec over UPD. Connections
through a PIX to the same server are working.
So, I'm thinking idle timer. I've found references to TCP-TIMEOUT at
phoneboy but not UDP.
Two questions; Can you configure idle timers for UPD ports? Is there a way
to determine if specific UPD mappings are being dropped?
Thank you,
Andy McDonald
P.S. I have no user docs, contacts at checkpoint and have poked around on
the web - I know how you guys don't like people who haven't done their home
work... :-)
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
