 | ||
 Smartdefense and TCP Sequence Verifier | ||
| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
|
| |||||||
 |
| | LinkBack | Thread Tools | Display Modes |
 2006-08-01 | |||
| |||
 Smartdefense and TCP Sequence Verifier I am having this warning after i enabled the TCP sequence verifier from the smartdefense tab of my management server R55_HFA_12 and push the policy to IP 350 enforcement module. ------------------------ Warning: This gateway supports flows traffic acceleration. TCP Sequence Verifier (SmartDefense) will not be enforced on accelerated connections [ Flows warning no. 66 ------------------------- What i have found from the CP knowledge (sk26137) is: =============================================== Edit the $FWDIR/lib/user.def file on the SmartCenter Server. Add a table called tcp_f2f_ports that contains destination port numbers of relevant TCP services. Example: // Forward-to-Firewall TCP services tcp_f2f_ports = { < 5000, 5000>, < 6000, 6000>, < 7000, 7010> }; Save file and exit. Install Policy. Protection Solution #1 has performance implications. Connections matching tcp_f2f_ports won't be accelerated. ============================================= this means that its true for all the Nokia boxes, Wondering if any one here had the same issue? Also reading from the solution, looks like its an example and i need to write al the server ports number!! which is really a huge list then ...any suggestion here. Many thanks Dabral  |
|
| Thread Tools | |
| Display Modes | |
| |
Linear Mode
