In the telnet process, the remote box will usually attempt to send an IDENT packet
back to the sender. As this will appear to the firewall as an unsolicited IDENT
query, it will be dropped. You can validate this by 1) looking in the log viewer
for entries on the cleanup rule, 2) create a rule that says any externalnat-ip any
drop.
You should see the incoming ident package being dropped.
Of course part of the problem is the DNS that the others have spoken of.
BTW, you can deal with this problem if you create a rule that says any
externalnat-ip ident reject.
Cheers,
[EMAIL PROTECTED] wrote:
> Here's a problem that I've been wrestling with for the past three months.
> When making an outbound TELNET or FTP connection, the client connects
> immediately but doesn't receive a logon prompt till about 60 seconds
> afterwards. At that point the users can login and everthing functions
> properly.
>
> Any ideas?
>
> Damir Matanic
> Chicago
> >
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
