Troubleshooting guide

ManualsBrandsBay Networks ManualsComputer equipmentBayRS

181

182

183

184

185

186

187

188

189

190

Appendix B: Object.C Properties in VPN-1/FireWall-1 4.0 The Properties section of the $FWDIR/conf/objects.C file

Advanced Technical Reference Guide 4.1 • June 2000 180

Property Property always

appears in object.C ?

(1=yes,0=userhas

to add entry)

Explanation Default Value

ftp_listen_timeout 0 Timeout interval (in seconds, between 1 and

MaxInt) if a peer of the FTP security server does

not connect to a port opened for that peer

ftp_msg 0 FTP security server welcome message text "Check Point FireWall-

1 Secure FTP server

running on"

ftp_msg_max_lines 0 Maximum number of lines in the FTP server's

welcome message (between 0 and MaxInt)

100

ftp_use_cvp_reply_safe 0 Allow the CVP server to send data before the reply

(true) or not (false)

FALSE

ftpdata 1 Allow FTP data connections (true) or not (false) TRUE

ftppasv 1 Allow FTP PASV connections (true) or not (false) TRUE

fw_ignore_domain_rules 0 Ignore rules with domain in source when matching

rulebase via security servers (true) or resolve

domain names and match (false)

FALSE

fw_ignore_session_rules 0 Ignore session authentication rules when matching

rulebase via security servers (true) or drop

connections that match these rules (false)

FALSE

fw_light_verify 0 Do not check for rulebase overlaps during

rulebase verification (true) or perform the full

check (false)

FALSE

fw_listen_queue 1 The length of the listen queue for every security

server being run (between 0 and MaxInt)

200

fw1_enable_p 1 Where are the control connections enabled (first,

last or before last)

first

fw1enable 1 Enable VPN-1/FireWall-1 control connections

(true) or not (false)

TRUE

fwfrag_limit 0 Maximum number of fragments in a packet (may

range from 1 to MaxInt)

1000

fwfrag_minsize 0 Minimum size for a fragment (in bytes) 0

fwfrag_timeout 0 Timeout interval (in seconds) for fragment

reassembley of one IP packet (may range from 0

to MaxInt)

fwldap_cachesize 1 The number of LDAP users that will be cached

(may range from 0 to MaxInt)

100

fwldap_cachetimeout 1 Timeout interval on cached LDAP users (in

seconds, may range from 0 to MaxInt)

900

fwldap_displaydn 1 Display the user's DN at login (true) or not (false) FALSE

fwldap_passwordcheckmet

hod

1 Check if the password has expired (true) or not

(false)

fwldap_passwordexpiration 1 Days before LDAP password expires (between 0

and MaxInt)

fwldap_requesttimeout 1 Timeout on LDAP requests (in seconds, between

0 and the TCP timeout)