That would make sense, and I'll try it, but I still have one question. Is
there any way to tell what the current TCP timeout limit is for each F/W?
Short of documenting it somewhere off the Firewalls...
> ----------
> From: Loesch, John[SMTP:[EMAIL PROTECTED]]
> Sent: Friday, March 16, 2001 5:13 AM
> To: 'Croft, Ed'
> Subject: RE: [FW1] A New TCP Timeout question
>
> For now, you'll need to change the timeout, push the policy to Site B, and
> then change the timeout back. As long as these settings are "global",
> you'll have to remember to change the setting back after a policy push or
> the other Sites will pick it up next time you push to them...
>
> -----Original Message-----
> From: Croft, Ed [mailto:[EMAIL PROTECTED]]
> Sent: Friday, March 16, 2001 1:09 AM
> To: Checkpoint Mailing List
> Subject: [FW1] A New TCP Timeout question
>
>
>
> I have been watching the list and haven't seen this question posted. So
> if
> it has, please forgive me for asking again...
>
> We have one management console to take care of our primary F/W that most
> of
> the company (approx. 2000 users) uses at Site A (Sun/Unix box). This same
> management console also takes care of a secondary F/W at a different
> location (Site B, Nokia 330) that takes care of approx. 100 users. It has
> been requested that we increase the TCP timeout session from the default 1
> hour setting to 4-5 hours on the F/W at Site B (Nokia 330). While I do
> not
> think that it will be a problem for a F/W only handling 100 users, I don't
> want to make this change to the Primary F/W that is taking care of 2000
> users. As far as I can tell, you can only set the TCP timeout under
> properties of the management station, and that it would apply to both
> Firewalls.
>
>
> Internet Internet
> | |
> | |
> Site A (Unix)------Management console----Site B (Nokia)
> | |
> 2000 users 100 users
>
>
>
> Am I mistaken in thinking that I can not make individual TCP timeout
> settings to each of the Firewalls that our one management station takes
> care
> of?
>
> -Ed
>
> P.S. Thanks in advance for any help I can get on this problem. And no,
> training the user to shut down the application when they are not using it
> is
> not one of my options...
>
>
> ==========================================================================
> ==
> ====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ==========================================================================
> ==
> ====
>
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
