Check Point VPN-1/FireWall-1

Timeout for Oracle Services not working


AERAsec Network Services and Security GmbH


 

Platform:  Any platform for NG
Product: Check Point Next Generation AI
Problem: The timeout for the sqlnet2* services seems to be independent of the configuration of the services themselves. Only a change in the Global Properties seems to change the TCP session timeout, and that setting applies to all TCP services.
Workaround/Fix:

First of all, the individual timeout for every service can be defined in the declaration of the service itself (Manage > Services > MyService > Advanced > Session Timeout).

Because SQL*Net2 is not a trivial service, it is described further in $FWDIR/lib/base.def, and the timeout for the sqlnet service is set in that file.
To change this timeout, the file has to be edited manually.

This file is very important for NG, so make a backup of base.def first!

To modify the timeout, first search the file for the section

#define sqlnet_prologue (
r_cdir = 2,
SQLNET_IS_REDIRECT,
SQLNET_GET_CONN(sr1, sr2, sr3),
SQLNET_ANTICIPATE(sr1,sr2,sr3),
(direction = 0, SQLNET_IS_REDIRECT,
SQLNET_GET_CONN(sr1, sr2, sr3)) or 1,
RECORD_DATA_CONN(dst,0,sr1,sr2,sr3, 0, 0x4a, 0, 0),
accept_fwz_as_clear(r_ctype)
)

and change the RECORD_DATA_CONN line to

RECORD_DATA_CONN(dst,0,sr1,sr2,sr3, IS_ACCEPTED_A, 0x4a, 7200, 0),

The time is set in the second-to-last parameter, in this example 7200 seconds. Once the rulebase has been installed, the timeout for SQL*Net2 is two hours.

Always be careful when editing files in $FWDIR/lib, because there is no syntax check. Also be aware that Check Point will overwrite all files in this directory when installing a hotfix, Feature Pack or new version.
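
As an added example (not part of the original tip and not Check Point code), the shell functions below make the backup, read the timeout back out of sqlnet_prologue and check that the macro's parentheses still balance, which is useful after a hotfix may have replaced base.def. The function names are made up for this example, and the macro is assumed to be laid out as shown above.

```shell
#!/bin/sh
# Added example: checks for the manual base.def edit described on this page.
# Assumption: sqlnet_prologue is laid out as shown above, i.e. RECORD_DATA_CONN
# sits on one line and the macro ends with a line holding only ")".

# Backup step from the page: timestamped copy before touching the file.
backup_base_def() {
    cp -p "$1" "$1.bak.$(date +%Y%m%d%H%M%S)"
}

# Print the second-to-last RECORD_DATA_CONN argument inside sqlnet_prologue.
sqlnet_timeout() {
    awk '
        /^#define[ \t]+sqlnet_prologue/ { in_macro = 1; next }
        in_macro && /RECORD_DATA_CONN\(/ {
            sub(/^.*RECORD_DATA_CONN\(/, ""); sub(/\).*$/, "")
            n = split($0, arg, ",")
            gsub(/[ \t]/, "", arg[n - 1])
            print arg[n - 1]; found = 1; exit
        }
        in_macro && /^[ \t]*\)[ \t]*$/ { exit }
        END { exit !found }
    ' "$1"
}

# Stand-in for the missing syntax check: parentheses in the macro must balance.
sqlnet_macro_balanced() {
    awk '
        /^#define[ \t]+sqlnet_prologue/ { in_macro = 1 }
        in_macro {
            depth += gsub(/\(/, "(") - gsub(/\)/, ")")
            if ($0 ~ /^[ \t]*\)[ \t]*$/) { ended = 1; exit }
        }
        END { exit !(ended && depth == 0) }
    ' "$1"
}

# Returns 0 only if the macro is balanced and carries the wanted timeout,
# 1 if the timeout differs (e.g. file overwritten by a hotfix), 2 if malformed.
verify_sqlnet_timeout() {
    sqlnet_macro_balanced "$1" || { echo "sqlnet_prologue: unbalanced ()" >&2; return 2; }
    got=$(sqlnet_timeout "$1") || { echo "RECORD_DATA_CONN not found" >&2; return 2; }
    [ "$got" = "$2" ] || { echo "timeout is $got, expected $2" >&2; return 1; }
}

# Usage on the management host: verify_sqlnet_timeout "$FWDIR/lib/base.def" 7200
```

Run backup_base_def before editing, and verify_sqlnet_timeout both before installing the rulebase and after every hotfix or upgrade.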

 


No warranty at all, your Feedback is welcome!
© 2003-2010 AERAsec Network Services and Security GmbH, last change 2003-11-29