RE: Re: Sun FTP Server and Firewall-1 4.1 (Richard Worwood)

["Carl Friedberg" <friedberg () exs esb com>]

And, remember to do this every time you touch the damn thing. It keeps
losing our settings (one week)(windoze).

Carl

-----Original Message-----
From: Boni Bruno [mailto:bbruno () dsw net] 
Sent: Wednesday, November 13, 2002 1:06 PM
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] Re: Sun FTP Server and Firewall-1 4.1 (Richard
Worwood)


FW-1 v 4.1 has configurable TCP timeout settings, just increase the
timeout setting in the firewall properties and you will be fine.

Regards,

-boni bruno

> Message: 1
> From: "Richard Worwood" <richardw () tdbnetworks com>
> To: <richardw () tdbnetworks com>
> Date: Tue, 12 Nov 2002 17:47:24 -0000
> Subject: [fw-wiz] Sun FTP Server and Firewall-1 4.1
>
> I've got a little problem with a customers network and a Solaris 8 box

> with the standard FTP server. The problem is as followes the Solaris 
> box is behind a firewall running firewall-1 4.1 and functions fine as 
> long as you don't allow to long a time to elapse between commands else

> the client appears to time out. The issue is that the definiation of 
> "to long a time to elapse" is approximately 10 seconds.
>
> I've sniffed the client side of the network and found that in response

> to sending the new command to the server a reset is sent back by the 
> server. However if I try and access the server locally or even through

> a standard routed connection all is fine and the conversation 
> continues as usual. Unfortunately as of yet the customer hasn't 
> permitted me to sniff on the server side of the firewall so I'm not 
> certain the two conversations match.
>
> Any suggestions anyone can make will be greatfully received.
>
> Regards
>
> Richard
>
>
>
> --__--__--
>
> Message: 2
> Date: Wed, 13 Nov 2002 08:44:05 -0500
> From: Don Kendrick <don () netspys com>
> To: firewall-wizards () honor icsalabs com
> Subject: [fw-wiz] Mainframes on the Net?
>
> OK...maybe a little of topic but this is the group that would know :)
>
> There is quite a push from our IBM friends to use the S/390 box for a
> web server using Websphere or Apache running under Linux (either as a 
> VM or in it's own LPAR).
>
> Needless to say, I considered this to be a joke....putting the crown
> jewels on the net? Where's the multi-tiered architecture? Where's the 

> "defense in depth?" Sure the S/390 has "never been hacked" (their
> words) but who has ever put it in a position to be hacked?
>
> They tell me that I don't understand LPARs. They're separate machines.
> You can still do your multi-tiered. It's just all on the same box.  My

> fear, they are separate because of software, written by humans. If
that 
> is breeched, it's game, set and match.
>
> If they were separate boxes, they would have to communicate via some
> interface that I can monitor. This isn't true all on one box.
>
> Anyone have any experience with this fight? Am I out of line?
>
> Don
>
>
>
> --__--__--
>
> _______________________________________________
> firewall-wizards mailing list firewall-wizards () honor icsalabs com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
>
>
> End of firewall-wizards Digest


_______________________________________________
firewall-wizards mailing list firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards