Manualshelf

Troubleshooting guide

ManualsBrandsBay Networks ManualsComputer equipmentBayRS
181182183184185186187188189190
Appendix B: Object.C Properties in VPN-1/FireWall-1 4.0 The Properties section of the $FWDIR/conf/objects.C file
Advanced Technical Reference Guide 4.1 June 2000 185
Property Property always
appears in object.C ?
(1=yes,0=userhas
to add entry)
Explanation Default Value
manualminspi 1 Lowest SPI value (only through VPN-1/FireWall-1
version 4.0 SP-6 and 4.1 SP-1. No longer used in
later versions)
0x100
maxprocess 1 This property is no longer used 256
nat_hashsize 0 Hash size for NAT tables. May be any power of 2
up to 65536
8192
nat_limit 0 Limit for NAT tables (between 0 and 50000) 25000
new_ftp_interface 0 Use the new FTP interface (True) or the old
method that uses '@'s (False)
FALSE
outgoing 1 Allow outgoing connections (true) or match them
by the rulebase (false)
TRUE
outgoing_p 1 Where in the rulebase to allow outgoing
connections (first, before last or last)
last
pagetimeout 1 This property is no longer used 20
pmap_connect_timeout 1 Default timeout for connecting to the RPC
portmapper, in seconds
30
pop3_daemon 0 Path on POP3 daemon on the local machine
pop3_server 0 Default POP3 server
prohibited_telnet_option 0 The numbers of telnet options to be prohibited
(between 0 and 40). Use this property multiple
times to prohibit multiple options.
prompt_for_destination 1 Forcing non-transparent mode (as in pre-FireWall-
1 version 3.0) (true) or enable transparent
authentication (false)
FALSE
psswd_min_length 1 Minimum length of password for LDAP users, in
characters
2
psswd_min_num_of_lower
case
1 Minimum number of lowercase letters in password
for LDAP users
0
psswd_min_num_of_numb
ers
1 Minimum number of numbers in password for
LDAP users
0
psswd_min_num_of_symb
ols
1 Minimum number of symbols (non-alphanumeric)
in password for LDAP users
0
psswd_min_num_of_upper
case
1 Minimum number of uppercase letters in password
for LDAP users
0
radius_connect_timeout 0 Timeout interval until next attempt to connect to
the RADIUS server, in seconds
120
radius_ignore 0 Ignore RADIUS attributes that are not defined in
RFC 2138 and RFC 2139. The value is a list of
RADIUS attributes to ignore. Consult Check Point
support if you want to modify this field.
radius_retrant_num 0 Maximum number of connection attempts to the
RADIUS server
2
radius_retrant_timeout 0 Timeout interval for each RADIUS server
connection attempt, in seconds
5