Only solution in my view is to allow non-sync packets. With FW-1 4.1SP2,
firewall drops any NON-SYNC packets for connections not present in connection
table. For established connections after TCP timeouts (3600 default)
client/server send non-sync packets and thus FW drop these packets. But in order
to allow these packets
Modify $FWDIR/lib/fwui_head.def (ONLY on MANAGEMENT SERVER)
Uncomment line:
#define ALLOW_NON_SYN_RULEBASE_MATCH
and reload policy.
Although under such circumstances anybody can send non-Syn packets (if rulebase
allows that connection.)
Rajeev
"Murphy, Paul" wrote:
>
> Hi group.
>
> So suppose I want a TCP session to be "always on"? TCP Sessions are timed
> out after the policy property settings; currently 3600 seconds for me.
>
> I have an application that is so well written that it requires a TCP session
> to be open indefinitely. Is it possible to remove the time out altogether,
> or even better, is there a way to remove the timeout for a particular rule
> or service?
>
> Cheers,
>
> Paul.
>
> ---------------------------------------------------------------------------------
> This e-mail is intended only for the above addressee. It may contain
> privileged information. If you are not the addressee you must not copy,
> distribute, disclose or use any of the information in it. If you have
> received it in error please delete it and immediately notify the
> sender.
>
> evolvebank.com is a division of Lloyds TSB Bank plc.
> Lloyds TSB Bank plc, 71 Lombard Street, London EC3P 3BS. Registered in
> England, number 2065. Telephone No: 020 7626 1500
> Lloyds TSB Scotland plc, Henry Duncan House, 120 George Street,
> Edinburgh EH2 4LH. Registered in Scotland, number 95237. Telephone
> No: 0131 225 4555
>
> Lloyds TSB Bank plc and Lloyds TSB Scotland plc are regulated by the
> Personal Investment Authority and represent only the Scottish Widows
> and Lloyds TSB Marketing Group for life assurance, pensions and
> investment business.
>
> Members of the UK Banking Ombudsman Scheme and signatories to the UK
> Banking Code.
> ----------------------------------------------------------------------------------
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
--
##################################################################
Rajeev Kumar ([EMAIL PROTECTED])
==> Web:: http://www.rajeevnet.com <==
##################################################################
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
