Thread: Strange Timeout issue in Checkpoint
View Single Post
  #3 (permalink)  
Old 2006-10-31
munit_si@yahoo.com munit_si@yahoo.com is offline
Junior Member
  
Join Date: 2006-02-21
Posts: 28
Rep Power: 0
munit_si@yahoo.com has an average reputation (10+)
Default Re: Strange Timeout issue in Checkpoint
Thanks a lot. But what does the below article means from checkpoint. It says that reset is being issued now as per the fix.


snippets below from the checkpoint site


Symptoms

* Application needs to receive a reset (RST) or FIN from the Security gateway after 3 minutes of inactivity indicating connection timeout.

Solution
VPN-1/FireWall-1 records all TCP connections with a certain timeout. Default timeout is one hour. When timeout is reached, connection is deleted from connections table. Certain applications, where connections stay idle for a time, then communication is resumed, need reset (RST) packets sent to client and server upon connection timeout. These packets prompt client and server to return ACK packets with correct sequences. VPN-1/FireWall-1 then generates RST packets based on returned sequences.

This problem was fixed. The fix is included in the following release(s): VPN-1/FireWall-1 NG with AI R55 HFA R55_02.

Check Point recommends to always upgrade to a recent version, and to the most recent HFA (HotFix Accumulator) of this version
Reply With Quote