I am sure o lot of peoples want that.
> -----Original Message-----
> From: Jim Nelson [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, August 31, 2000 1:12 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [FW1] TCP timeout problem with 4.1 SP2
>
> What is the best way to extend the TCP connection timeout? There are two
> entries in the object.C file: tcptimeout and tcpendtimout. (See the
> article "How to change the TCP session timeout for closing connections on
> FireWall-1" on the secure Knowledge Base.)
>
> Is there some combination of configuration entries that extends the TCP
> statetable timeout? Presently, I am using Checkpoint 4.1 SP2 and I have
> the tcptimeout set to 86400 seconds (24 hours). But this configuration did
> not resolve my problems I am experiencing with entries timing out in the
> statetable.
>
> Using Checkpoint 4.0, I was able to set the "TCP Session Timeout"
> (tcptimeout) to 86400 seconds, and the connectivity issues went away. I
> want Checkpoint 4.1 SP2 to work like Checkpoint 4.0. Any ideas?...
>
> ----- Original Message -----
> From: Jim Nelson <mailto:[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]>
> Sent: Tuesday, August 29, 2000 4:17 PM
> Subject: [FW1] TCP timeout problem with 4.1 SP2
>
>
> Hello all,
>
> I have a question that maybe someone can help me with. After
> installing an upgrade Checkpoint Firewall-1, I have been getting errors in
> the Checkpoint logs, "unknown established TCP packet". This is happening
> between a web-server and database that are separated by a Checkpoint
> firewall 4.1 SP2 cluster. The clustering software is RainWall.
>
> There is a DB client running on the web-server that initiates 20
> (something) TCP connections to the DB-server. These connections are timing
> out between uses, causing the error above. Consequently, the DB-server
> cannot send important information to the web-server, creating an error.
> This is not a routing issue, because the TCP session is being created and
> dropped on the same firewall (one member of the cluster).
>
> The "TCP Session Timeout," under Policy/Properties, was modified to
> 24 hours (86400 seconds), the maximum time allow. However, as I found out
> later, this only seemed to exacerbate the problem. After looking at the
> logs the timeout went from 2 hours to under 5 minutes.
>
> Because of the urgency of this problem, it was decided to pull the
> upgraded firewall (4.1 SP2) cluster out of production and put the
> Checkpoint 4.0 firewall back.
>
> Looking on the knowledge base, I found a solution for "How to change
> the TCP session timeout for closing connections on FireWall-1". It talks
> about modifying the object.C file, and adding the a line for
> tcpendtimeout; however, it does not give any recommendation of a range of
> values for this configuration or how it interacts with the tcptimeout
> configuration (see object.C file).
>
> Does any one know what would be a good configuration for both the
> tcpendtimeout and the "TCP Session Timeout" (i.e., tcptimeout)?
>
> Thanks
>
>
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
