| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
Increasing Global TCP Timeout

Some versions of the GUI do not allow you to set the TCP Timeout value past 2 hours. Check Point says TCP Timeout can be set up to 24 hours.

In $FWDIR/lib/base.def there's a section that looks like this:

```
#define TCP_ESTABLISHED_RECORD(con,key,type) ( ((type & _TCP_ESTABLISHED) = 0, not_first, set type (type | _TCP_ESTABLISHED), record in connections ) or 1 )
```

You can multiply the TCP_TIMEOUT by some factor, which basically changes the units in the Policy Properties. So, if you put TCP_TIMEOUT*6, now the number you enter in Properties is multiplied by 6 seconds, not 1 second. Note that in no case is a timeout larger than 24 hours allowed.

If you look at the output of 'fw tab -u table connections', the last column shows you the TCP connection timeout value. It's a way of checking that the change you make is really taking effect.

If you are also doing NAT in a version prior to 4.1, you will need to do the following. For Solaris, type:

```
echo "fwx_tcp_expiration?W 0x" | adb -w -k /dev/ksyms /dev/mem
echo "fwx_udp_expiration?W 0x" | adb -w -k /dev/ksyms /dev/mem
```

where is the number of seconds you'd like to keep hidden connections, converted to hex. For example, to make the TCP timeout 14,000 seconds type:

```
echo "fwx_tcp_expiration?W 0x36B0" | adb -w -k /dev/ksyms /dev/mem
```

-- GuyR - 18 Jan 2004
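The arithmetic behind the steps above, as an added example that is not part of the original FAQ: for a target timeout it picks the smallest multiplier for base.def, the number to enter in Policy Properties, and the hex digits for the NAT expiration commands, and rejects anything over 24 hours. The function names are hypothetical, and `GUI_MAX` assumes the 2-hour GUI limit the FAQ describes.

```sh
#!/bin/sh
# Added example (not from the FAQ): plan the base.def multiplier and NAT hex value.
GUI_MAX=7200    # assumption: the 2-hour GUI limit the FAQ mentions, in seconds
HARD_MAX=86400  # 24-hour ceiling stated in the FAQ, in seconds

# valid_seconds N: true only for a plain decimal integer in 1..HARD_MAX.
# Leading zeros are rejected so shell arithmetic never reads N as octal.
valid_seconds() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le "$HARD_MAX" ]
}

# plan_factor N: smallest F for TCP_TIMEOUT*F such that the GUI value fits.
plan_factor() {
    valid_seconds "$1" || return 1
    echo $(( ($1 + GUI_MAX - 1) / GUI_MAX ))
}

# plan_gui_value N: value to enter in Policy Properties, rounded up so the
# effective timeout (value * F) is never shorter than N.
plan_gui_value() {
    f=$(plan_factor "$1") || return 1
    echo $(( ($1 + f - 1) / f ))
}

# to_hex N: digits that follow "0x" in the adb commands for pre-4.1 NAT.
to_hex() {
    valid_seconds "$1" || return 1
    printf '%X\n' "$1"
}

# plan N: one-line summary, or an error for out-of-range input.
plan() {
    if ! valid_seconds "$1"; then
        echo "rejected: '$1' is not 1..$HARD_MAX seconds" >&2
        return 1
    fi
    f=$(plan_factor "$1"); g=$(plan_gui_value "$1")
    echo "factor=$f gui=$g effective=$(( f * g )) hex=0x$(to_hex "$1")"
}

plan 14000   # the FAQ's example value
```

When the target is not an exact multiple of the factor, the effective timeout is rounded up by at most a few seconds and still stays within the 24-hour ceiling.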