Thread: Re: Smart Connection Reuse




Re: Smart Connection Reuse
user name
2007-07-17 15:51:43
>>> On 7/6/2007 at 6:18 AM, cisco4ng <cisco4ngYAHOO.COM> wrote:
> The fix on this is a very easy one.  On the Nokia platforms, let's say you
> have MsSQL connection using tcp port 1433 and you want to establish new
> connection with the same src port/ip dst port/ip, you can easily accomplish
> on with the following command:
> ./modzap -n _fw_reuse_established_conn $FWDIR/boot/modules/fwmod.o 1433
>
> This will require a reboot.  If you don't want to reboot the nokia
> enforcement module, you can do this:
> fw ctl _fw_reuse_established_conn 1433
>
> This will take effect immediately.
>
> You can do the same on SPLAT as well.  I just can't remember the syntax
> of it.

For the archive,

  # fw ctl set int fw_reuse_established_conn <port>

Seems to have worked on Solaris.

> Rajeev Gupta <rgup14GMAIL.COM> wrote: You will find information on this new
> feature intro'd in NG AI - What's New at:
> http://www.checkpoint.com/support/downloads/docs/firewall1/r54/WhatsNew.pdf
>
> It used to be that CP would drop any attempt to establish a new connection
> w/ the same src port/ip and same dst port/ip unless firewall-1 tables have
> been flushed out of the state of that connection from a previous use - with
> this feature, CP would attempt sync'ng its own state w/ the actual state of
> the client and server and convert the new 'syn' packet on the new connection
> attempt to an 'ack' which in some cases does cause problems (I have seen
> myself and had to change the behavior) and that is why your third party
> vendor who might have seen issues w/ their application due this feature.
>
> hope this helps.
>
> rajeev
>
> On 7/5/07, Crist Clark wrote:
>>
>> A third party vendor has this little piece of advice
>> in a technical document,
>>
>>   We have seen issues with Checkpoint NG firewalls and
>>   their use of the "Smart Connection Reuse" feature. It
>>   is apparently enabled by default... We have found this
>>   behaviour working improperly [sic], and this feature
>>   should be disabled.
>>
>> I'm having trouble finding "Smart Connection Reuse"
>> in Check Point documentation. Any ideas to what they
>> are referring?
>> --
>>
>> Crist J. Clark
>> crist.clarkglobalstar.com
>> Globalstar Communications                               (408) 933-4387
>>
>>
>> The information contained in this e-mail message is confidential, intended
>> only for the use of the individual or entity named above. If the reader
>> of this e-mail is not the intended recipient, or the employee or agent
>> responsible to deliver it to the intended recipient, you are hereby
>> notified that any review, dissemination, distribution or copying of this
>> communication is strictly prohibited. If you have received this e-mail
>> in error, please contact postmasterglobalstar.com
>>
>> =================================================
>> To set vacation, Out-Of-Office, or away messages,
>> send an email to LISTSERVamadeus.us.checkpoint.com
>> in the BODY of the email add:
>> set fw-1-mailinglist nomail
>> =================================================
>> To unsubscribe from this mailing list,
>> please see the instructions at
>> http://www.checkpoint.com/services/mailing.html
>> =================================================
>> If you have any questions on how to change your
>> subscription options, email
>> fw-1-ownerts.checkpoint.com
>> =================================================
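
A simplified model of the behaviour discussed in this thread, added here as an example; it is not Check Point code and not part of the original messages. It compares the old drop behaviour, the SYN-to-ACK conversion, and per-port reuse for a client reconnecting from the same source port while the firewall still holds an ESTABLISHED entry. The `Firewall` class, policy names and addresses are hypothetical, and it assumes the server has only a listening socket left and that a RST from the server clears the firewall's stale entry.

```python
from dataclasses import dataclass, field

# Hypothetical policy names for a SYN that hits a tuple still marked ESTABLISHED.
DROP, SYN_TO_ACK, REUSE = "drop", "syn_to_ack", "reuse"

def server_reply(flag):
    """Server has only a LISTEN socket: SYN gets SYN-ACK, a stray ACK gets RST (RFC 793)."""
    return {"SYN": "SYN-ACK", "ACK": "RST"}[flag]

@dataclass
class Firewall:
    policy: str = SYN_TO_ACK                       # default handling of a SYN on a known tuple
    reuse_ports: set = field(default_factory=set)  # destination ports allowed to re-establish
    table: dict = field(default_factory=dict)      # 4-tuple -> connection state

    def client_syn(self, tup):
        """Return what the client receives for a SYN on tup (None means silence)."""
        dport = tup[3]
        if self.table.get(tup) == "ESTABLISHED":
            policy = REUSE if dport in self.reuse_ports else self.policy
            if policy == DROP:
                return None                        # stale entry blocks the new SYN
            if policy == SYN_TO_ACK:
                reply = server_reply("ACK")        # SYN rewritten to ACK before forwarding
                if reply == "RST":
                    del self.table[tup]            # assumption: RST clears the stale entry
                return reply
        reply = server_reply("SYN")                # new tuple, or reuse allowed on this port
        self.table[tup] = "ESTABLISHED"
        return reply

def reconnect(policy, reuse_ports=(), attempts=2):
    """Send `attempts` SYNs from one source port against a stale ESTABLISHED entry."""
    tup = ("10.0.0.5", 40000, "10.0.1.9", 1433)    # constructed sample addresses
    fw = Firewall(policy=policy, reuse_ports=set(reuse_ports),
                  table={tup: "ESTABLISHED"})
    return [fw.client_syn(tup) for _ in range(attempts)]

if __name__ == "__main__":
    print("drop          ", reconnect(DROP))
    print("syn->ack      ", reconnect(SYN_TO_ACK))
    print("reuse on 1433 ", reconnect(SYN_TO_ACK, {1433}, attempts=1))
```

In this model the SYN-to-ACK path answers the first attempt with a RST and only the retry completes, which is one way an application that treats a reset as fatal could misbehave.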