
List:       firewall-1
Subject:    Re: [FW-1] Connection Dropout
From:       "Burton, Chris" <Chris.Burton () DIG ! COM>
Date:       2004-03-30 18:04:35
Message-ID: 496A2C679221504D8B8AE4B10267E8760386E032 () gb-sm-cala-xm11 ! corp ! disney ! com

        If I am not mistaken there are several options under the
enforcement object itself under the "Advanced" option that will allow
you to either "Keep all connections", "Keep data connections", or
"Rematch Connections".  Assuming it is not an issue in the underlying
levels (i.e. Layer2, Layer3) I would check to see what options you have
this set to.

Chris Burton
Network Engineer
Walt Disney Internet Group: Network Services

The information contained in this e-mail message is confidential,
intended only for the use of the individual or entity named above. If
the reader of this e-mail is not the intended recipient, or the employee
or agent responsible to deliver it to the intended recipient, you are
hereby notified that any review, dissemination, distribution or copying
of this communication is strictly prohibited. If you have received this
e-mail in error, please contact Walt Disney Internet Group at
206-664-4000.



-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM] On Behalf Of Ayden
Nash
Sent: Monday, March 29, 2004 9:47 PM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Connection Dropout

Hi all,

We have a standalone Windows 2000 server running NG AI R54 on an HP
DL140 server. When installing the policy, TCP connections seem to hang
for about two minutes before allowing connectivity through the firewall
(i.e. the VPN goes down and access to 'allowed' services hangs for
approx. 2 minutes). After this time services restore, the IKE takes place
and the VPN comes back along with services (users being able to browse,
SSH, TELNET etc.). If in the 2 minute blackhole you attempt to browse
(even from the firewall itself), you can't connect, but you can PING and
look up DNS records.
This all happens when you push a policy. The network cards seem to
jitter (they are Broadcom NetXtreme). Has anyone seen this happen
before? Everything runs smoothly as long as you don't push a policy.

Thanks and regards,
Ayden

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner@ts.checkpoint.com
=================================================
