This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Nikolaos_Liakop
Explorer
‎2022-02-28 12:03 AM

TCP Connection drops after a while on a IBM AS/400

We have an issue regarding a specific connection on a S2S VPN between a CP cluster and Cisco ASA.
Specifically, whilst the tunnel poses no issues and everything seems to be fine, an IBM AS/400 server is behind the CP and the clients accessing it are behind the ASA.
The clients complain that the sessions all of a sudden close after an arbitrary amount of time.
I have proceeded with creating a new telnet service with the following characteristics, but the issue seems to still occur.

new_telnet.png

Any ideas ?

Regards

0 Kudos
4 Replies
Alex-
Advisor
‎2022-02-28 12:29 AM

Check your IPS if you run it and core protections. I had AS/400 connections blocked because Telnet is considered insecure and blocked by this blade and needed to configure exceptions.

Also, there's obviously the ASA side which might not match your protocol definitions.

 

0 Kudos
Nikolaos_Liakop
Explorer
‎2022-02-28 02:36 AM
In response to Alex-

It is not an IPS issue.

The connection gets established.

However after some arbitrary time the connections gets droppped and they need to relogin...

Protocol is telnet

0 Kudos
Chris_Atkinson
Employee
Employee
‎2022-02-28 04:56 AM
In response to Nikolaos_Liakop

Arbitrary like when the firewall policy is installed or when a rekey occurs for the VPN?

0 Kudos
Timothy_Hall
Champion
Champion
‎2022-02-28 05:41 AM

As Chris said this is probably related to the VPN more than the basic session timeouts, but try enabling TCP state logging to obtain more details about how and why your telnet connections are being terminated: 

sk101221: TCP state logging

Is there some particular reason you are not synchronizing the telnet sessions across the cluster members?  If deployed as shown in your screenshot a failover will cause all of the currently open telnet sessions to be killed on the newly active member.

Also note that the TCP connection timeout can now be increased well beyond 86400 seconds if you have the latest Jumbo HFA: sk168872: Virtual session timeout for a TCP Service (86400 seconds) is not long enough for a specifi...

New 2021 IPS/AV/ABOT Immersion Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos