Troubleshooting guide

ManualsBrandsBay Networks ManualsComputer equipmentBayRS

181

182

183

184

185

186

187

188

189

190

Appendix B: Object.C Properties in VPN-1/FireWall-1 4.0 The Properties section of the $FWDIR/conf/objects.C file

Advanced Technical Reference Guide 4.1 • June 2000 181

Property Property always

appears in object.C ?

(1=yes,0=userhas

to add entry)

Explanation Default Value

fwldap_sizelimit 1 Number of entries account unit can return

(between 0 and MaxInt)

10000

fwldap_useldap 1 Use LDAP Account management units (true) or

not (false)

FALSE

fwsynatk_ifnum 1 Which interface does SynDefender work on (the

value is the number of the interface as it appears

in the output of “fw ctl iflist”. –1 means all

interfaces)

-1 (all)

fwsynatk_max 1 Maximum number of concurrent half open

connections (between 500 and 10035)

5000

fwsynatk_method 1 Which SynDefender method is used (0=none,

1=relay, 2=active or 3=passive)

0 (none)

fwsynatk_timeout 1 How long until SynDefendef gives up on receiving

ACK (in seconds, between 1 and 60)

fwsynatk_warning 1 Send a log message for SYN attacks (1) or not (0) 1

fwz_encap_mtu 1 Backward compatibility with FireWall-1 version 3.0

when using FWZ + Encapsulation (1) or not (0)

gatewaydir 1 Direction on interface where filtering is done

(inbound, outbound or eitherbound)

inbound

http_allow_double_slash 0 Allow '//' in the middle of the URL(true) or not

(false) (needs to be used in conjunction with

'scheme' or 'http_use_default_schemes'

properties)

FALSE

http_allow_ranges 0 Allow range headers(true) or not (false) FALSE

http_avoid_keep_alive 0 Allow only one request per connection (true) or

more (false)

FALSE

http_block_java_allow_chu

nked

0 Allow HTTP 1.1 chunks even when Java is

blocked (true) or not (false)

FALSE

http_cvp_allow_chunked 0 Allow HTTP 1.1 chunks even when CVP is used

(true) or not (false)

FALSE

http_disable_ahttpdhtml 0 This property is no longer used FALSE

http_disable_automatic_cli

ent_auth_redirect

0 Disable automatic client authentication redirection

(true) or enable it (false)

FALSE

http_disable_cab_check 0 Do not search for Java classes in CAB files (true)

or search them (false)

FALSE

http_don’t_handle_next_pr

oxy_pw

0 Leave the password in the proxy password field

for the next proxy (true) or erase it (false)

FALSE

http_erase_ftp_links 0 Erase FTP links from HTTP traffic (true) or leave

them (false)

FALSE

http_erase_port_cmd 0 Erase FTP PORT commands from HTTP traffic

(true) or leave it (false)

FALSE

http_failed_resolve_timeou

0 Timeout interval to resolve the server's address, in

seconds

900