Windows File Sharing issue over VPN

Good afternoon ladies and gentlemen. Has anyone encountered
the
following errors when trying to do windows file transfers
over VPN
between site to site links? The first is "The path is
too deep." The
second is the specified network name is no longer available.
There is no
consistancy to which tunnels seem to be having the issues.
All of our
firewalls are running RHEL 3.0 with NGX R60 HFA2 and a few
on HFA3. We
do have Smart Defense subscription but all of the File and
Print sharing
protections are currently in Monitor only mode. I'm seeing
no sign of
any drops or rejects in the firewall logs in regards to
these attempted
file transfers. Does the above seem to be a firewall issue
or more of a
Windows OS issue itself? The transfers have been tried
between various
Windows OS's including 2003 server SP1 to XP SP2 etc. I've
done some
scp's via Linux between the sites with no issues. If anyone
has
experienced these issues any info would be great. I did try
lowering the
mtu on one of the workstations and adding the pmtudiscovery
registry key
but it still fails. The file transfers sizes have been
between 1 and 6MB
but there has been no real rhyme or reason to which sites
fail between
which sites.

Jeremy Lieb CCSE-NG CCSE+NG
Firewall Administrator
Open Text Corporation
100 Tri-State Int'l Pkwy
Third Floor
Lincolnshire, IL 60069
18472679330  ext 4395
 

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================

Try cutting off the monitor only. Even in monitor only mode
you are
still using the same checks you would if you were dropping
the packets.
I saw something very similar and cutting off monitor only
mode seemed to
fix the issue.

-GS 

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM]
On Behalf Of Jeremy
Lieb
Sent: Thursday, September 21, 2006 4:15 PM
To: FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Windows File Sharing issue over VPN

Good afternoon ladies and gentlemen. Has anyone encountered
the
following errors when trying to do windows file transfers
over VPN
between site to site links? The first is "The path is
too deep." The
second is the specified network name is no longer available.
There is no
consistancy to which tunnels seem to be having the issues.
All of our
firewalls are running RHEL 3.0 with NGX R60 HFA2 and a few
on HFA3. We
do have Smart Defense subscription but all of the File and
Print sharing
protections are currently in Monitor only mode. I'm seeing
no sign of
any drops or rejects in the firewall logs in regards to
these attempted
file transfers. Does the above seem to be a firewall issue
or more of a
Windows OS issue itself? The transfers have been tried
between various
Windows OS's including 2003 server SP1 to XP SP2 etc. I've
done some
scp's via Linux between the sites with no issues. If anyone
has
experienced these issues any info would be great. I did try
lowering the
mtu on one of the workstations and adding the pmtudiscovery
registry key
but it still fails. The file transfers sizes have been
between 1 and 6MB
but there has been no real rhyme or reason to which sites
fail between
which sites.

Jeremy Lieb CCSE-NG CCSE+NG
Firewall Administrator
Open Text Corporation
100 Tri-State Int'l Pkwy
Third Floor
Lincolnshire, IL 60069
18472679330  ext 4395
 

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================

Hi Jeremy,

Windows NT, 2K and XP have a limitation of 256 characters on
the path
length, so if you are trying to copy something with a path
greater, it
can fail. 

Also, try copying using robocopy or totalcopy as sometimes
this gets
around it.

http://www.ranvik.ne
t/totalcopy/


Regards,

Trevor Lee



-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM]
On Behalf Of Jeremy
Lieb
Sent: Friday, 22 September 2006 4:15 AM
To: FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Windows File Sharing issue over VPN

Good afternoon ladies and gentlemen. Has anyone encountered
the
following errors when trying to do windows file transfers
over VPN
between site to site links? The first is "The path is
too deep." The
second is the specified network name is no longer available.
There is no
consistancy to which tunnels seem to be having the issues.
All of our
firewalls are running RHEL 3.0 with NGX R60 HFA2 and a few
on HFA3. We
do have Smart Defense subscription but all of the File and
Print sharing
protections are currently in Monitor only mode. I'm seeing
no sign of
any drops or rejects in the firewall logs in regards to
these attempted
file transfers. Does the above seem to be a firewall issue
or more of a
Windows OS issue itself? The transfers have been tried
between various
Windows OS's including 2003 server SP1 to XP SP2 etc. I've
done some
scp's via Linux between the sites with no issues. If anyone
has
experienced these issues any info would be great. I did try
lowering the
mtu on one of the workstations and adding the pmtudiscovery
registry key
but it still fails. The file transfers sizes have been
between 1 and 6MB
but there has been no real rhyme or reason to which sites
fail between
which sites.

Jeremy Lieb CCSE-NG CCSE+NG
Firewall Administrator
Open Text Corporation
100 Tri-State Int'l Pkwy
Third Floor
Lincolnshire, IL 60069
18472679330  ext 4395
 

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================

Hi,

Does eventia analyzer uses the same logs as you see in the
tracker.
Lately we have been getting critical alerts that ip
addresses (always 
others) are opening over a million smtp connections through
the firewall. 
If I search in the tracker I only see a couple logs entries
from those 
addresses..

Anyone has more information about this?

Tnx in advance

Steven

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================

Eventia Reporter has 2 reports Standard and Express

Standard reports are generated from information in log
consolidator log
files through the consolidation process 

Express reports are generated from data collected from check
point
system counters and smartview monitor history files

JP



-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM]
On Behalf Of Steven
De Pauw
Sent: Thursday, 28 September 2006 6:59 PM
To: FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Eventia analyzer

Hi,

Does eventia analyzer uses the same logs as you see in the
tracker.
Lately we have been getting critical alerts that ip
addresses (always
others) are opening over a million smtp connections through
the
firewall. 
If I search in the tracker I only see a couple logs entries
from those
addresses..

Anyone has more information about this?

Tnx in advance

Steven

=================================================
To set vacation, Out-Of-Office, or away messages, send an
email to
LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription
options,
email fw-1-ownerts.checkpoint.com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================

Its the alerts in the eventia analyzer. If there is an alert
about more 
than a million connections, I should find those in the
tracker, right?

Steven





Jean-Paul Baillon <jpbaillonNETSTARNETWORKS.COM>
Sent by: Mailing list for discussion of Firewall-1 
<FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM>
28/09/2006 14:46
Please respond to Mailing list for discussion of Firewall-1
 
        To:     FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM
        cc: 
        Subject:        Re: [FW-1] Eventia analyzer


Eventia Reporter has 2 reports Standard and Express

Standard reports are generated from information in log
consolidator log
files through the consolidation process 

Express reports are generated from data collected from check
point
system counters and smartview monitor history files

JP



-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM]
On Behalf Of Steven
De Pauw
Sent: Thursday, 28 September 2006 6:59 PM
To: FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Eventia analyzer

Hi,

Does eventia analyzer uses the same logs as you see in the
tracker.
Lately we have been getting critical alerts that ip
addresses (always
others) are opening over a million smtp connections through
the
firewall. 
If I search in the tracker I only see a couple logs entries
from those
addresses..

Anyone has more information about this?

Tnx in advance

Steven

=================================================
To set vacation, Out-Of-Office, or away messages, send an
email to
LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription
options,
email fw-1-ownerts.checkpoint.com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================


=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================

Hi,

The OP is referring to Eventia Analyzer, not Eventia
Reporter.

As far as I'm aware the number that you're seeing in the
Analyzer
client should be the same as the number of log entries you
see in the
Tracker.
This can be verified by creating a custom rule in the
Analyzer that
fires an alert when, for example, icmp hits the firewall.
Then setup some icmp traffic and start counting...

If there are really "over a million" connections
accepted by the fw
then you should be able to find them easily in your mta logs
(sync
with TVO ;))

Kr.
Robby



On 9/28/06, Jean-Paul Baillon <jpbaillonnetstarnetworks.com> wrote:
> Eventia Reporter has 2 reports Standard and Express
>
> Standard reports are generated from information in log
consolidator log
> files through the consolidation process
>
> Express reports are generated from data collected from
check point
> system counters and smartview monitor history files
>
> JP
>
>
>
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM]
On Behalf Of Steven
> De Pauw
> Sent: Thursday, 28 September 2006 6:59 PM
> To: FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM
> Subject: [FW-1] Eventia analyzer
>
> Hi,
>
> Does eventia analyzer uses the same logs as you see in
the tracker.
> Lately we have been getting critical alerts that ip
addresses (always
> others) are opening over a million smtp connections
through the
> firewall.
> If I search in the tracker I only see a couple logs
entries from those
> addresses..
>
> Anyone has more information about this?
>
> Tnx in advance
>
> Steven
>
> =================================================
> To set vacation, Out-Of-Office, or away messages, send
an email to
> LISTSERVamadeus.us.checkpoint.com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http:
//www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
subscription options,
> email fw-1-ownerts.checkpoint.com
> =================================================
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERVamadeus.us.checkpoint.com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http:
//www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-ownerts.checkpoint.com
> =================================================
>

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================