Ang: [VPN] Application timeouts over VPN...HELP!

  • To: [EMAIL PROTECTED]
  • Subject: Ang: [VPN] Application timeouts over VPN...HELP!
  • From: [EMAIL PROTECTED]
  • Date: Thu, 3 Apr 2003 23:37:28 +0200
  • Cc: [EMAIL PROTECTED]
  • Sender: [EMAIL PROTECTED]
Mike,

have you tried tweaking the timers in the firewalls? Usually you can
modify the idle time a firewall allows before considering a TCP session
stale and closing it.

I do believe you can change the relevant settings for FW-1 in the
object.C file. I guess there's a spiffy knob somewhere in the GUI you
can fiddle with otherwise...

HTH
/Palm





	[EMAIL PROTECTED]
2003-04-02 20:24

	To:	[EMAIL PROTECTED] @ INTERNET
	Cc:	(Blank: Hakan Palm/Generic)
	Subject:	[VPN] Application timeouts over VPN...HELP!

We have a good and solid VPN between a Checkpoint and a NetScreen, it's
up and solid. I can send 100 pings and get 100% response. Ping times
across the tunnel are 63ms average.  The developers for each company
keep saying that the "firewall" is dropping the packets. And it is.
Application A starts the session (syn), App B answers (synack), App
A (ack)....no problem. The apps even talk out to the correct DST ports.
Problem comes when App A tries to send info over the established session
(example src port 2565) but sends it out 65 seconds since the last
communications, the firewalls time out the session and App A should
resend over a new source port. It never does. It will try till its dying
days to communicate over that FIRST session.

I am a router firewall guy and not a programmer, is there anything that
I can do to lessen the problem from a firewall/VPN point of view? I keep
saying that they need to speed up response times on their TCP
communications and send "heartbeats". They call me "Non-Helpful".

I just want to fix it. Any ideas?


App A -----------------Checkpoint========INTERNET===========NetScreen----------------------App B



_______________________________
Mike
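
The application-side behaviour the original question asks for (traffic during idle periods, and a new connection when the old session is dead), as an added example that is not part of the thread. `open_session`, `Session` and the 30-second probe time are hypothetical; it assumes the firewalls count TCP keepalive probes as session traffic.

```python
import socket

FIREWALL_IDLE_SECS = 65   # idle gap reported in the thread
KEEPALIVE_IDLE_SECS = 30  # assumption: first probe well inside that gap
assert KEEPALIVE_IDLE_SECS < FIREWALL_IDLE_SECS


def open_session(host, port, timeout=5.0):
    """Connect with TCP keepalive so an idle session still produces traffic."""
    sock = socket.create_connection((host, port), timeout=timeout)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    # Per-socket timers use Linux option names; elsewhere the OS defaults
    # apply (often two hours idle, far too long for a 65-second timeout).
    if hasattr(socket, "TCP_KEEPIDLE"):
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE, KEEPALIVE_IDLE_SECS)
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, 10)
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT, 3)
    return sock


class Session:
    """Request/response client that replaces a dead connection."""

    def __init__(self, host, port):
        self.addr = (host, port)
        self.sock = open_session(host, port)
        self.reconnects = 0

    def request(self, payload, retries=1):
        for attempt in range(retries + 1):
            try:
                self.sock.sendall(payload)
                reply = self.sock.recv(4096)
                if reply:
                    return reply
                raise ConnectionError("peer closed the session")
            except OSError:  # reset, timeout, broken pipe, peer close
                if attempt == retries:
                    raise
                # Abandon the stale session; the new connect() normally gets
                # a fresh ephemeral source port, so the firewalls build new state.
                self.sock.close()
                self.sock = open_session(*self.addr)
                self.reconnects += 1
```

Resending after a reconnect is only safe when the request can be repeated without side effects on the far end.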
