https://community.checkpoint.com/t5/Spark-Firewall-SMB/outlook-imap-connections-broken/m-p/64268#M2440 <P>Unfortunatelly extended to 120 seconds IMAPS sessions timeout doesn't do the job.</P><P>Do you know any other parameters to tune up or maybe some blades to switch off?</P><P>Or should I call TAC directly?</P> Thu, 03 Oct 2019 07:32:35 GMT RtoipIkswelisaw 2019-10-03T07:32:35Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/outlook-imap-connections-broken/m-p/63571#M2400 <P>Hello</P><P>I am not quite sure if it is even problem od my 790 appliances, but it happens only in our offices. Every so often Outlook IMAP connections get blocked on sending / receiving emails. When it happens, progress bar freezes in half. After that I cannot close Outlook in ordinary way and I have to do it by task manager killing process. Next start everything works correct but only until next stop.</P><P>It started many months ago, but first I thought it will go with next MS Office update. Time is running out and still many different versions of Outlook perform not better.</P><P>This does not happens outside office, not on every station but in all offices where we have 7x0 appliances.</P><P>Our mail server is hosted by ISP.</P><P>I have IPS, Anti-Virus, Anti-Bot and <SPAN>Applications &amp; URL Filtering&nbsp;</SPAN>activated while Anti-Spam, Threat Emulation, QoS not and SSL Inspection set to HTTPS Categorization. I have also standard policy set on FW and other blades. I block&nbsp;<SPAN class="cp-label-link-container ">security risk categories and "<SPAN class="appi-activation-groups-link ">other undesired applications".</SPAN></SPAN></P><P><SPAN class="cp-label-link-container "><SPAN class="appi-activation-groups-link ">Does anyone suffers from similar problem and knows solution, please?</SPAN></SPAN></P> Tue, 24 Sep 2019 14:30:11 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/outlook-imap-connections-broken/m-p/63571#M2400 RtoipIkswelisaw 2019-09-24T14:30:11Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/outlook-imap-connections-broken/m-p/63689#M2409 What do your Security Logs say when these issues are happening? Wed, 25 Sep 2019 20:25:06 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/outlook-imap-connections-broken/m-p/63689#M2409 PhoneBoy 2019-09-25T20:25:06Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/outlook-imap-connections-broken/m-p/64101#M2424 <P>Sorry for the delay but i tried to hunt for error and corresponding logs. No luck. I cannot find anything interesting in the logs.<BR />I was looking for entries about my computer's IP and mail server IP. I found only something like:</P><TABLE cellspacing="0" cellpadding="0"><TBODY><TR><TD><DIV class="x-grid-cell-inner ">Today 21:49:01</DIV></TD><TD><DIV class="x-grid-cell-inner ">Piotr Wasilewski (pwasilewski)</DIV></TD><TD><DIV class="x-grid-cell-inner "><DIV class="cp cp-glyph-url_filtering cp-icon-default-color cp-image">&nbsp;</DIV>URL Filtering</DIV></TD><TD><DIV class="x-grid-cell-inner ">LAN1</DIV></TD><TD><DIV class="x-grid-cell-inner "><DIV class="cp cp-glyph-accept cp-icon-ok-color cp-image">&nbsp;</DIV>Allow</DIV></TD><TD><DIV class="x-grid-cell-inner ">192.168.0.121</DIV></TD><TD><DIV class="x-grid-cell-inner ">79.96.193.51</DIV></TD><TD><DIV class="x-grid-cell-inner ">TCP/993</DIV></TD><TD><DIV class="x-grid-cell-inner ">1 (Outgoing)</DIV></TD><TD><DIV class="x-grid-cell-inner ">home.pl was allowed</DIV></TD></TR></TBODY></TABLE><TABLE cellspacing="0" cellpadding="0"><TBODY><TR><TD><DIV class="x-grid-cell-inner ">Today 21:09:00</DIV></TD><TD><DIV class="x-grid-cell-inner ">Piotr Wasilewski (pwasilewski)</DIV></TD><TD><DIV class="x-grid-cell-inner "><DIV class="cp cp-glyph-application_control cp-icon-default-color cp-image">&nbsp;</DIV>Application Control</DIV></TD><TD><DIV class="x-grid-cell-inner ">WAN</DIV></TD><TD><DIV class="x-grid-cell-inner "><DIV class="cp cp-glyph-accept cp-icon-ok-color cp-image">&nbsp;</DIV>Allow</DIV></TD><TD><DIV class="x-grid-cell-inner ">192.168.0.121</DIV></TD><TD><DIV class="x-grid-cell-inner ">79.96.193.51</DIV></TD><TD><DIV class="x-grid-cell-inner ">TCP/993</DIV></TD><TD><DIV class="x-grid-cell-inner ">1 (Outgoing)</DIV></TD><TD><DIV class="x-grid-cell-inner ">SSL Protocol was allowed</DIV></TD></TR></TBODY></TABLE><P><BR />but not exactly at the time of the connection break. There is no blocked traffic between the two.<BR />How can I get closer to the problem?</P> Tue, 01 Oct 2019 20:05:26 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/outlook-imap-connections-broken/m-p/64101#M2424 RtoipIkswelisaw 2019-10-01T20:05:26Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/outlook-imap-connections-broken/m-p/64103#M2425 <P>The behavior seems to be that the connection gets interrupted somehow and the client doesn't quite know how to deal with it.<BR />I was thinking it could be an IPS signature that was triggering it...and that may still be happening.<BR />You'd have to get some debugs from the appliance while the problem is happening to understand.<BR />TAC should be able to assist with this.</P> <P>Another, simpler thing to try would be increasing the TCP timeout for IMAPS and possibly SMTP, depending on how your client is sending mail.<BR />For most TCP services, this is usually 3600 seconds (1 hour).<BR />For some reason, IMAPS has a very low timeout (like 40 seconds) and you may want to change it:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screen Shot 2019-10-01 at 1.27.15 PM.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/2676iBDD6DB2D9FDB40FA/image-size/medium?v=v2&amp;px=400" role="button" title="Screen Shot 2019-10-01 at 1.27.15 PM.png" alt="Screen Shot 2019-10-01 at 1.27.15 PM.png" /></span></P> Tue, 01 Oct 2019 20:29:29 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/outlook-imap-connections-broken/m-p/64103#M2425 PhoneBoy 2019-10-01T20:29:29Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/outlook-imap-connections-broken/m-p/64111#M2426 <P>Thank you very much for hint. I take it as a suggestion to extend that time.</P><P>However I have already 60 seconds sessions timeout for IMAPS while 3600 for IMAP and enabled aggresive agging by default. I put 120 seconds and report back what happened. Is aggresive agging&nbsp;something I should bother with?</P> Tue, 01 Oct 2019 21:43:36 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/outlook-imap-connections-broken/m-p/64111#M2426 RtoipIkswelisaw 2019-10-01T21:43:36Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/outlook-imap-connections-broken/m-p/64115#M2427 Aggressive Aging happens when the appliance is operating at close to its max connection capacity.<BR />Basically, once the threshold is passed (80%, I believe), existing connections are "aggressively aged" until the number of connections is again below the threshold.<BR />In general, the exact number of connections supported will depend on the amount of memory in the appliance, blades, etc.<BR />However, SMB appliances do not have expandable memory.<BR />In my 750, the limit is 150k. Tue, 01 Oct 2019 22:27:04 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/outlook-imap-connections-broken/m-p/64115#M2427 PhoneBoy 2019-10-01T22:27:04Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/outlook-imap-connections-broken/m-p/64268#M2440 <P>Unfortunatelly extended to 120 seconds IMAPS sessions timeout doesn't do the job.</P><P>Do you know any other parameters to tune up or maybe some blades to switch off?</P><P>Or should I call TAC directly?</P> Thu, 03 Oct 2019 07:32:35 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/outlook-imap-connections-broken/m-p/64268#M2440 RtoipIkswelisaw 2019-10-03T07:32:35Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/outlook-imap-connections-broken/m-p/64334#M2442 Perhaps fw ctl zdebug drop | grep a.b.c.d might help you understand why packets are being dropped.<BR />The TAC should be able to help as well. Thu, 03 Oct 2019 23:35:06 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/outlook-imap-connections-broken/m-p/64334#M2442 PhoneBoy 2019-10-03T23:35:06Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/outlook-imap-connections-broken/m-p/64342#M2443 <P>Thank you very much. I will try with the command first.</P> Fri, 04 Oct 2019 07:23:04 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/outlook-imap-connections-broken/m-p/64342#M2443 RtoipIkswelisaw 2019-10-04T07:23:04Z