Thanks for the update, Werner. But what is to be done before the next release? ingnore?
Rajeev On 5/15/06, Brockhoven, Werner <[EMAIL PROTECTED]> wrote:
Hi, I was just informed by Nokia that there is a known issue in IPSO 3.9 B045 and should be fixed in the next release. Werner -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Rajeev Gupta Sent: Friday, May 12, 2006 15:09 To: [email protected] Subject: Re: [FW-1] message: Virtual defragmentation error: Timeout You may like to tweak fwfrag_limit and fwfrag_timeout parameters - specifically in the context of your error message, increasing fwfrag_timeout may help a bit - these are firewall's defragmentation parameters. However, if small tweaks do not help, the best ultimate solution is what you have already indicated: decreasing the mtu on the CCTV site. hth, Rajeev On 5/11/06, Matt Rose <[EMAIL PROTECTED]> wrote: > Hi, > > We are trying to access a CCTV website. > > Return traffic is getting dropped with Information: > > message: Virtual defragmentation error: Timeout > ip_id: 60365 > ip_len: 0 > ip_offset: 0 > fragments_dropped: 5 > during_sec: 60 > > I understand these drops are a feature of how Checkpoint handles fragmented packets. > > I have searched SecureKnowledge & Google and can not see how to configure Checkpoint to allow this, I would guess Global Properties, Stateful Inspection, Other IP protocols virtual session timeout??? > > This is happening on Nokia & Alteon firewalls with different versions of IPSO and Checkpoint on in a Provider1 environment. > > Would reducing the MTU size setting on the web server hosting the CCTV website sort this? > > TIA, > Matt. > > > > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
