Manualshelf

Troubleshooting guide

ManualsBrandsBay Networks ManualsComputer equipmentBayRS
188189190191192193194195196197
Appendix B: Object.C Properties in VPN-1/FireWall-1 4.0 The Properties section of the $FWDIR/conf/objects.C file
Advanced Technical Reference Guide 4.1 June 2000 188
Property Property always
appears in object.C ?
(1=yes,0=userhas
to add entry)
Explanation Default Value
sso_resolve_src 0 Resolve the source IP address when logging SSO
Client Authentication (true) or not (false)
FALSE
stack_size 0 Size of INSPECT stack in bytes 1024
suppress_dont_echo 0 Suppress the "don't echo" property of telnet (true)
or allow it (false)
FALSE
tcp_reject 0 Perform 'reject' for TCP packets when rulebase is
configured to do so (true) or perform ‘drop’ (false)
TRUE
tcpendtimeout 1 Timeout interval in TIME_WAIT until we close a
TCP connection (in seconds)
50
tcpestb_grace_period 0 For how many seconds after 'fwstart' do we
operate the TCP established mechanism
(0=never, -1=always, 37= 37 seconds, etc.)
0
tcpstarttimeout 1 Time interval to wait for a SYN/ACK in SYN_SENT
(in seconds)
60
tcptimeout 1 Time interval to wait on an idle TCP connection (in
seconds)
3600
telnet_msg 0 Atelnetd welcome message text "Check Point FireWall-
1 authenticated Telnet
server running on"
timeout 1 Time interval to wait for address resolution (in
seconds)
10
udp_reject 0 Perform 'reject' for UDP packets when rulebase is
configured to do so (true) or perform ‘drop’ (false)
TRUE
udpreply 1 Enable reply packets in a two-way UDP
communication (true) or inspect reply according to
the rulebase (false).
TRUE
udptimeout 1 Time interval to wait on an idle UDP connection (in
seconds)
40
undo_msg 0 Do not send the VPN-1/FireWall-1 standard
greeting message(true) or send it (false)
false
use_zero_buf_len 0 Reset the S_TO_C buffer length always(0), only
for FTP over HTTP(1), or never (2)
0
useralertcmd 1 Command to issue for user-defined alerts “fwalert”
userauthalertcmd 1 Command to issue for user authentication failure “fwalert”
userc_bind_user_to_ip 0 Allow same username to connect from different IP
addresses and enable SecureRemote clients with
DHCP (true) or not (false)
false
userc_crypt_ver 1 Backward compatibility with previous versions for
client-encrypting rsh and sqlnet (0-old, 1-new)
1
userc_ike_nat 1 Support NATed SecureRemote clients with IKE
(true) or not (false)
FALSE
userc_nat 1 Support NATed SecureRemote clients with FWZ
(true) or not (false)
FALSE