Hi
Just a quick comment:-
I heard a CCSI say that CP's 'official' stance was NOT to use SYN Defender
- because of known problems........ (!) - and only use it when you think
you are being attacked.
Tim Higgins
Frank <[EMAIL PROTECTED]>
Sent by: To:
[EMAIL PROTECTED]
[EMAIL PROTECTED] cc:
kpoint.com Subject: Re: [FW1]
More SYN Defender Problems
13/06/00 16:15
I'm seeing the same thing. My TCP timeout is way up there in thousands of
seconds. The SYN defender timeout is 60 seconds.
Database access between firewall segements fail.
Can SYN defender be turned on for only one interface?
Frank
On Tue, 13 Jun 2000, Cisco Wave wrote:
> I thought about this too, but it can't explain why it
> is happening for different vendors and different
> systems and different appplications (even plain ftp).
>
>
> -----Original Message-----
>
> what about your tcp connection timeout? not
> syndefender, but tcp connection time
> out. looks like the time out are for your tcp
> services.
>
> Cisco Wave wrote:
>
> > morning with some external vender, because a few
> > applications are failing when SYNDef is set.
> >
> > -----Original Message-----
> > From: Frank [SMTP:[EMAIL PROTECTED]]
> >
> > Thank you for all the suggestions.
> >
> > However, I set it to the max. timeout of 60 sec. and
> > it's blocks so many
> > of our applications. BigBrother, http, database all
> > sorts of applications
> > are getting blocked. Mostly communication between
> > ethernet segments.
> >
> > I'm running 4.0 with SP 5. Various Solaris and Nokia
> > firewalls. Mostly an
> > NT network with a few Solaris servers for database.
> >
> > Passive and non-passive SYN gateway don't seem to
> make
> > any difference.
> >
> > Anything else I can do?
> >
> > Frank
> >
> > On Fri, 9 Jun 2000, Frank wrote:
> >
> > > Date: Fri, 9 Jun 2000 12:20:36 -0700 (PDT)
> > > From: Frank <[EMAIL PROTECTED]>
> > > To: [EMAIL PROTECTED]
> > > Subject: SYN Defender Problems
> > >
> > > I'm attempting to configure SYN Defender. It seem
> > that any option I choose
> > > appears to block access to our mail server (MS
> > Exchange). I've tried all
> > > the options and increased the timeout to 20.
> > >
> > > Any ideas?
> > >
> > >
> >
> >
>
================================================================================
> > To unsubscribe from this mailing list, please
> see
> > the instructions at
> >
> > http://www.checkpoint.com/services/mailing.html
> >
>
================================================================================
> >
> > Thank you,
> >
> > =====
> > We are NOT Cisco Inc.
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Yahoo! Photos -- now, 100 FREE prints!
> > http://photos.yahoo.com
> >
> >
>
================================================================================
> > To unsubscribe from this mailing list, please
> see the instructions at
> >
> http://www.checkpoint.com/services/mailing.html
> >
>
================================================================================
>
>
>
>
> =====
> We are NOT Cisco Inc.
>
> __________________________________________________
> Do You Yahoo!?
> Send online invitations with Yahoo! Invites.
> http://invites.yahoo.com
>
>
>
================================================================================
> To unsubscribe from this mailing list, please see the instructions
at
> http://www.checkpoint.com/services/mailing.html
>
================================================================================
>
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
#**********************************************************************
This message is intended solely for the use of the individual
or organisation to whom it is addressed. It may contain
privileged or confidential information. If you have received
this message in error, please notify the originator immediately.
If you are not the intended recipient, you should not use,
copy, alter, or disclose the contents of this message. All
information or opinions expressed in this message and/or
any attachments are those of the author and are not
necessarily those of Hughes Network Systems Limited,
including its European subsidiaries and affiliates. Hughes
Network Systems Limited, including its European
subsidiaries and affiliates accepts no responsibility for loss
or damage arising from its use, including damage from virus.
#**********************************************************************
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
