Troubleshooting guide

ManualsBrandsBay Networks ManualsComputer equipmentBayRS

181

182

183

184

185

186

187

188

189

190

Appendix B: Object.C Properties in VPN-1/FireWall-1 4.0 The Properties section of the $FWDIR/conf/objects.C file

Advanced Technical Reference Guide 4.1 • June 2000 178

Property Property always

appears in object.C ?

(1=yes,0=userhas

to add entry)

Explanation Default Value

allow_encryption_outgoing

_first

0 Allow encryption rules even if "allow outgoing

packets" is set to "first" (true) or send outgoing

packets unencrypted in that case (false)

FALSE

allowed_telnet_option 0 The number of telnet option to be allowed

(between 0 and 40. Use this property multiple

times to allow multiple options)

as_failure_limit 0 Maximum number of retries for authentication with

Check Point RADIUS server

as_radius_free_type 0 RADIUS types that Check Point authentication

server knows about, in addition to the standard

ones. Use this property multiple times to allow

multiple RADIUS types

au_connect_timeout 0 The interval (in seconds, ranging from 1 to MaxInt)

until the security server will try to connect again

after there is no reply.

au_timeout 1 The interval (in minutes, ranging from 1 to 800)

until the user is prompted again for authentication.

automatically_open_ca_rul

1 Use the automatic client authentication as in

FireWall-1 version 3.0 (true) or not (false). This

feature is made obsolete by the automatic client

authentication of 4.0, and is not to be used in

VPN-1/FireWall-1 4.0 or above.

FALSE

block_reverse_tcp 1 This property is no longer used FALSE

block_reverse_tcp_p 1 This property is no longer used First

block_reverse_udp 1 This property is no longer used FALSE

block_reverse_udp_p 1 This property is no longer used First

ca_matchbyname 1 Match destination field in fully automatic CA rules

by name (true) or by IP address (false)

FALSE

ca_wait_mode 1 Leave the client authentication session open after

authenticating, and when the session closes -

terminate the authenticated session (true) or close

session automatically once the client authenticates

(false)

FALSE

clnt_auth_msg 0 Client Authentication message text "Check Point FireWall-

1 Client Authentication

Server running on"

control_back_compatibility 1 Use backward compatibility between FireWall-1

versions 3.0 and 4.0 (true) or not (false)

FALSE

cooltalkenable 0 Enable CoolTalk (true) or not (false) (this property

is relevant for FireWall-1 version 3.0 or backward

compatibilty only)

TRUE

default_track 1 Default track for user authentication failure (may

be Auth (=logging only), AuthAlert (=logging and

alerting) or blank (=no action))

AuthAlert

domain_tcp 1 Allow domain-tcp (true) or not (false) TRUE