Welcome to the Virus.Org Mailing List Archive



Re: [FW-1] SecureClient

  • To: [EMAIL PROTECTED]
  • Subject: Re: [FW-1] SecureClient
  • From: Jason Cameron <[EMAIL PROTECTED]>
  • Date: Thu, 19 Feb 2004 10:15:47 +0200
  • Reply-to: Mailing list for discussion of Firewall-1 <[EMAIL PROTECTED]>
  • Sender: Mailing list for discussion of Firewall-1 <[EMAIL PROTECTED]>
  • Thread-index: AcP2rLPj1A13SvFaTpWTp4VGJcVhkwAC7h2AAAIGCHA=
  • Thread-topic: [FW-1] SecureClient
Thanks Dion,

What do you set your authentication timeout to? Is 60 minutes too long?

-----Original Message-----
From: Hendriks, D. [mailto:[EMAIL PROTECTED] 
Sent: Thursday, February 19, 2004 9:29 AM
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] SecureClient

Hi Jason,
>
> Secure Client sends keep-alives to the FW cluster to keep the
> connection alive and the firewall sends the SCV_keepalive to the client?
>
> Is this correct?

Not quite....
The keep-alive for the tunnel is sent by the client: one ICMP packet
every 20 seconds or so.

The SCV_keepalive has to do with the SecureConfigurationVerification.
The client has to validate by a set of rules ($fwdir/conf/local.scv) in
you can allow traffic on the condition the client is conforming to the SCV
check. The FW has to know if the client is SCV'ed, hence the
SCV-keepalive from the FW to the client.

Both these keepalives are 'one ping only', so they should not have a
significant impact on performance.

Backconnection is not a security issue, it just makes sure that the
tunnel exists as long as the client is running and that it does not
time-out so that traffic can be initiated from your network to the
client securely through the tunnel.

Dion

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
