This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Nikolaos_Liakop
Participant
‎2022-02-28 12:03 AM

TCP Connection drops after a while on a IBM AS/400

We have an issue regarding a specific connection on a S2S VPN between a CP cluster and Cisco ASA.
Specifically, whilst the tunnel poses no issues and everything seems to be fine, an IBM AS/400 server is behind the CP and the clients accessing it are behind the ASA.
The clients complain that the sessions all of a sudden close after an arbitrary amount of time.
I have proceeded with creating a new telnet service with the following characteristics, but the issue seems to still occur.

new_telnet.png

Any ideas ?

Regards

0 Kudos
4 Replies
Alex-
Leader Leader
Leader
‎2022-02-28 12:29 AM

Check your IPS if you run it and core protections. I had AS/400 connections blocked because Telnet is considered insecure and blocked by this blade and needed to configure exceptions.

Also, there's obviously the ASA side which might not match your protocol definitions.

 

0 Kudos
Nikolaos_Liakop
Participant
‎2022-02-28 02:36 AM
In response to Alex-

It is not an IPS issue.

The connection gets established.

However after some arbitrary time the connections gets droppped and they need to relogin...

Protocol is telnet

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-02-28 04:56 AM
In response to Nikolaos_Liakop

Arbitrary like when the firewall policy is installed or when a rekey occurs for the VPN?

CCSM R77/R80/ELITE
0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2022-02-28 05:41 AM

As Chris said this is probably related to the VPN more than the basic session timeouts, but try enabling TCP state logging to obtain more details about how and why your telnet connections are being terminated: 

sk101221: TCP state logging

Is there some particular reason you are not synchronizing the telnet sessions across the cluster members?  If deployed as shown in your screenshot a failover will cause all of the currently open telnet sessions to be killed on the newly active member.

Also note that the TCP connection timeout can now be increased well beyond 86400 seconds if you have the latest Jumbo HFA: sk168872: Virtual session timeout for a TCP Service (86400 seconds) is not long enough for a specifi...

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices
Self-Guided Video Series Coming Soon
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    In-Person

    Tue 07 Oct 2025 @ 09:30 AM (CEST)

    CheckMates Live Denmark!
    CheckMates Events