- Community Home
- >
- Networking
- >
- Legacy
- >
- Switches, Hubs, Modems
- >
- TCP keep alive packets dropped by the firewall
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-04-2007 12:30 AM
тАО07-04-2007 12:30 AM
We have started using the TCP keep alive mechanism.
Things are ok when the firewall is down.
When the firewall is active, the TCP keep alive packets are dropped by the firewall.
How can I configure the firewall to let the packets through?
The TCP ports change with each session so I can't simply open a port.
Thanks,
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-04-2007 12:54 AM
тАО07-04-2007 12:54 AM
Re: TCP keep alive packets dropped by the firewall
You should "fixup" the protocol you need the firewall to let in from lower security interface to higher security interface.
Se Cisco manuals, which in my opinion are clear enough.
If you're using Checkpoint or other, see what "fixup" does for Cisco, then look for corresponding equivalent instruction in the device's manuals.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-04-2007 12:58 AM
тАО07-04-2007 12:58 AM
Re: TCP keep alive packets dropped by the firewall
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-04-2007 02:11 AM
тАО07-04-2007 02:11 AM
Re: TCP keep alive packets dropped by the firewall
The field setup is using a cisco product.
Can you refer me to some document with the fixup CLI command you are talking about.
thanks!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-04-2007 08:05 PM
тАО07-04-2007 08:05 PM
Solution- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-05-2007 06:13 PM
тАО07-05-2007 06:13 PM
Re: TCP keep alive packets dropped by the firewall
In the first case is better to use a VPN machine at the other end of the channel that is of the same make/model and has the same firmware version as used at your end. The IPSec VPN configuration settings on the participating machines should be made symmetrical, one config on one of the machine mirroring the config on the other machine - this requires the SAME firmware version, and implicitly the SAME make/model.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-05-2007 09:03 PM
тАО07-05-2007 09:03 PM
Re: TCP keep alive packets dropped by the firewall
I have no access or knowledge regarding the specific equipment which is used in the field (we are only a part of this project).
I just wanted to know if there is something simple that can be done to solve this problem because it can be easily simulated with a simple windows firewall.
Thanks for all your help and good will.