Inline...
>>> "Barry W. Kokotailo" <[EMAIL PROTECTED]> 8/17/00 5:46:54 PM >>>
>The logic that Checkpoint has in the tcp timeout feature is correct from a security
>standpoint.
>If the user is not using the tcp connection for an extended period of time, in this
>case a max of
>2hours, drop the connection from the state table.
>
>Unfortunately, in the real world, we have these people that insist on logging on once
>in the morning and
>leaving the application idle until they need to access the application. At times this
>could be up to ten hours.
>And they have large mouths and they scream and yell when they have their sessions
>dropped. So I have to find
>another solution.
Barry, you should know by now that CP doesn't live
in the real world. ;-)
I agree with your sentiments about the real world users,
but I don't agree about leaving a terminal session open
for hours on end without any activity. As we've seen,
this is an issue for each company to figure out. We can
give the pros and cons of the why's and why nots, but
in the end, someone higher in the food chain will make
a decision - right or wrong, we get to live with it(or not).
We all know this is a personal/political opinion and
so I'll leave it alone now.
>
>As for our collegue who previously posted, he has some
>programmers that need to have their sessions idle for a
>considerable amount of time.
IMO, my current and previous comments/suggestions
stand.
Thanks Barry.
Robert
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
