Troubleshooting guide
Appendix A: State Tables for VPN-1/FireWall-1 4.0 SecuRemote — server side tables
Advanced Technical Reference Guide 4.1 • June 2000 161
Used by SecuRemote Client: No.
Used by FW daemon: Yes
Keys: <user_ip>
Values: 0 (don’t trap) or 1 (trap again only when rule ignores destination
restrictions)
Timeout: 10 sec.
Comments: Used by the daemon to indicate to the kernel that packets coming from a
user should not be trapped again because there is already an open RDP
connection for those packets.
userc_bind table
The userc_bind table holds the client's public Diffie-Hellman key (stored as a hash) so that repeated authentication can be optimized for the amount of
time specified in the user properties.
Example
attributes: expires 3600, keep, kbuf 1
<4183c5d3, 3a31362a, 9342e2b5; 8029dc98; 3448/3600>
The userc_bind table uses the following format:
<client IP address, gateway IP address, username (hashed); user’s public key (hashed); time left/total time>
Used by SecuRemote Client: No.
Used by FW daemon: Yes
Keys: <user ip, gw, user name hash>
Values: <user public key hash>
Timeout: Configurable on FW daemon. Default: 3600
Comments: Used to prevent excessive authentication of users. That is, if the user was
authenticated once and the relevant values (public key) are still set in this
table, the gateway will authenticate the client based on the fact that the
client can successfully sign a message sent from the server using this
public key.
IPSEC_userc_dont_trap_table table
Attributes: expires 15
<c0a80112>
This table lists the client IP addresses for which a trap has already been sent, so there is no need to send
another one.
Used by SecuRemote Client: No.
Used by FW daemon: Yes
Keys: <user ip>
Values: None.
Timeout: 15.
Comments: Used to prevent excessive traps.
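Added example (not part of the original guide): a short Python parser that splits table entries in the format shown above and labels the userc_bind fields. It assumes the hex words in the address positions are IPv4 addresses written most significant byte first, which is consistent with <c0a80112> reading as 192.168.1.18; the function names are hypothetical.

```python
import ipaddress
import re

# Entry lines copied from the examples on this page.
USERC_BIND_ENTRY = "<4183c5d3, 3a31362a, 9342e2b5; 8029dc98; 3448/3600>"
DONT_TRAP_ENTRY = "<c0a80112>"


def hex_to_ip(word):
    """Decode a 32-bit hex word as IPv4 (assumption: most significant byte first)."""
    if not re.fullmatch(r"[0-9a-fA-F]{8}", word):
        raise ValueError(f"not a 32-bit hex word: {word!r}")
    return str(ipaddress.IPv4Address(int(word, 16)))


def parse_entry(line):
    """Split '<keys; values; left/total>'; values and timeout may be absent."""
    m = re.fullmatch(r"<([^<>]+)>", line.strip())
    if not m:
        raise ValueError(f"not a table entry: {line!r}")
    fields = [f.strip() for f in m.group(1).split(";")]
    entry = {"keys": [k.strip() for k in fields[0].split(",")],
             "values": [], "timeout": None}
    for field in fields[1:]:
        if re.fullmatch(r"\d+/\d+", field):
            left, total = field.split("/")
            entry["timeout"] = (int(left), int(total))  # time left, total time
        elif field:
            entry["values"] = [v.strip() for v in field.split(",")]
    return entry


def decode_userc_bind(line):
    """Label a userc_bind entry using the format given on this page."""
    entry = parse_entry(line)
    if len(entry["keys"]) != 3 or len(entry["values"]) != 1:
        raise ValueError("userc_bind entry needs 3 keys and 1 value")
    client, gateway, user_hash = entry["keys"]
    return {"client_ip": hex_to_ip(client), "gateway_ip": hex_to_ip(gateway),
            "username_hash": user_hash, "pubkey_hash": entry["values"][0],
            "timeout": entry["timeout"]}


if __name__ == "__main__":
    print(decode_userc_bind(USERC_BIND_ENTRY))
    # Key-only table: the single key is the client IP address.
    print(hex_to_ip(parse_entry(DONT_TRAP_ENTRY)["keys"][0]))
```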