Troubleshooting guide

ManualsBrandsBay Networks ManualsComputer equipmentBayRS

181

182

183

184

185

186

187

188

189

190

Appendix B: Object.C Properties in VPN-1/FireWall-1 4.0 The Properties section of the $FWDIR/conf/objects.C file

Advanced Technical Reference Guide 4.1 • June 2000 184

Property Property always

appears in object.C ?

(1=yes,0=userhas

to add entry)

Explanation Default Value

isakmp.encryption 0 Default client encryption scheme, if not specified

by the SecureRemote user (“DES”, “DES-IV32”,

“CLEAR”or“RC4-40”

“DES”

isakmp_logging 1 Log IKE negotiation (true) or not (false) TRUE

isakmpphase1reneg 1 Time interval after which the ISAKMP session key

is changed (in minutes, between 5 and 525600)

10080

isakmpphase2reneg 1 Time interval after which the IPSec session key is

changed (in seconds, between 120 and 86400)

3600

isakmpphase2renegkbytes 1 Number of kilobytes transferred until the IPSec

session key is renegotiated (0 means infinite)

0 (infinite)

lbalanced_load_history_pe

rcent

1 The effect (in percent) history is taken into account

in load balancing (between 0 and 100)

lbalanced_load_period_wa

keup_sec

1 This property is no longer used 20

lbalanced_period_wakeup

_sec

1 How often the load agent is queried (once every

how many seconds)

lbalanced_roundtrip_histor

y_percent

1 The effect (in percent) roundtrip history is taken

into account in load balancing (between 0 and

100)

liveconns 1 Use live connections (true) or not (false) FALSE

load_service_port 1 The port of the load agent (0 means random high

port)

log_established_tcp 1 Should established TCP packets be logged if

rulebase says so (true) or not (false)?

TRUE

log_implied_rules 0 This property is no longer used

log_keepalive_minute_to 0 Time interval in minutes to check that all the log

connections are indeed active

300

log_switch_size 0 This property is no longer used

loggrace 1 Log grace period (in seconds, between 0 and 90)

to avoid repetetive logging of retransmissions

logical_servers_timeout 0 Time interval (in seconds) to check if the logical

server is alive

looptcp 1 This property is no longer used TRUE

looptcp_p 1 This property is no longer used first

loopudp 1 This property is no longer used TRUE

loopudp_p 1 This property is no longer used first

mailcmd 1 Command to issue for mail alerts May contain the

name of any OS command or executable file

/bin/mailx -s 'FireWall-

1Alert'root

manualmaxspi 1 Highest SPI value (only through VPN-1/FireWall-1

version 4.0 SP-6 and 4.1 SP-1. No longer used in

later versions)

0x10000