Manualshelf

Troubleshooting guide

ManualsBrandsBay Networks ManualsComputer equipmentBayRS
181182183184185186187188189190
Appendix B: Object.C Properties in VPN-1/FireWall-1 4.0 The Properties section of the $FWDIR/conf/objects.C file
Advanced Technical Reference Guide 4.1 June 2000 183
Property Property always
appears in object.C ?
(1=yes,0=userhas
to add entry)
Explanation Default Value
http_skip_redirect_free 0 Free memory when redirecting a connection for
authentication, to prevent memory leaks (true) or
avoid freeing session’s memory (false)
TRUE
http_sup_continue 0 Send HTTP 1.1's "continue" command to the client
(true) or not (false)
FALSE
http_use_cvp_reply_safe 0 Allow the CVP server to send data before the reply
(true) or not (false)
FALSE
http_use_default_schemes 0 Allow the default schemes (prospero, gopher,
telnet, finger, mailto, http, news, nntp, wais, file
and ftp) to preceed a '//' in the query field of a URL
(true) or do not allow any schemes unless
specifically stated (false)
FALSE
http_use_host_h_as_dst 0 Redirect by name (true) or by IP address (false) in
partial CA
FALSE
http_use_proxy_auth_for_
other
0 Support agent other than Mozilla or Internet
explorer (true) or not (false)
TRUE
http_weeding_allow_chunk
ed
0 Allow HTTP 1.1 chunks even when HTML
weeding is used (true) or not (false)
FALSE
icmpcryptver 1 Encrypt ICMP inplace(0) or not (1) 1
icmpenable 1 Enable stateful inspection & accept for ICMP (true)
or accept ICMP only if rulebase allows it
specifically (false)
TRUE
icmpenable_p 1 Where to enable ICMP in the policy (first, before
last, or last. Use last to enable stateful inspection
for ICMP, but accepting it only when the rulebase
specifically allows it)
before last
icmpenable_router 1 Enable ICMP in access lists (true) or not (false) TRUE
icmpenable_router_p 1 Where to enable ICMP in the access lists (first,
before last or last)
before last
imap_msg 0 Default message text for IMAP daemon “ * OK CheckPoint
FireWall-1
Authenticated Imap
Server running on”
iphoneenable 0 Enable Iphone (true) or not (false) (this property
affects only FireWall-1 version 3.0 or backward
compatibility of 4.0 with 3.0)
TRUE if Iphone
appears in the
rulebase, FALSE
otherwise
ipoptslog 1 Default track for packets with IP options
(“IP Options” (=logging only), “IP Options Alert”
(=logging and alerting) or blank)
ipsec_spi_alloc_max 0 Highest SPI value in hex (used in
VPN-1/FireWall-1 version 4.0 SP7, 4.1 SP2 and
above)
10000
ipsec_spi_alloc_min 0 Lowest SPI value in hex (used in
VPN-1/FireWall-1version 4.0 SP7, 4.1 SP2 and
above)
100