Networker

Re: [Networker] NUL handshake - Firewall issue

2005-09-14 13:06:15
Subject: Re: [Networker] NUL handshake - Firewall issue
From: "Neild, Jim" <Jim.Neild AT SSHA.ON DOT CA>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Wed, 14 Sep 2005 13:06:46 -0400
It just makes the box a little more chatty, keeping sessions open on
stateful inspection firewalls (i.e. Check Point).  Applications have to
be able to use this parameter for it to be effective.  If I remember
correctly, NetWorker really started using this properly in 7.1, as I had
a lot of issues resulting in a LGTpa which generated a patch. The
NSR_KEEPALIVE_WAIT value functionality didn't actually work as described
in the documentation prior to 7.1 (again, I believe it was 7.1); this
patch resolved the problems.  Anyway, this value tells NetWorker the
number of seconds to wait between KEEPALIVE packets being sent.

As per MS Article ID: 315669


Value name: KeepAliveTime
Key: Tcpip\Parameters
Value Type: REG_DWORD - Time in milliseconds
Valid Range: 1-0xFFFFFFFF
Default: 7,200,000 (two hours)

This value controls how often TCP attempts to verify that an idle
connection is still intact by sending a keep-alive packet. If the remote
computer is still reachable, it acknowledges the keep-alive packet.
Keep-alive packets are not sent by default. You can use a program to
configure this value on a connection. The recommended value setting is
300,000 (5 minutes).

-----Original Message-----
From: Legato NetWorker discussion [mailto:NETWORKER AT LISTSERV.TEMPLE DOT EDU]
On Behalf Of Bart.Jespers AT FUJITSU-SIEMENS DOT COM
Sent: September 13, 2005 3:46 AM
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Subject: Re: [Networker] NUL handshake - Firewall issue

 
What does the setting do? Can it harm other applications?

>> HKEY_LOCAL_MACHINE\SYSTEM
>> \CurrentControlSet\Services\Tcpip\Parameters\keepalivetime
>> setting DWORD:DECIMAL 7200000 for servers that need it


> On Mon, 12 Sep 2005 10:23:33 -0400, Stan Horwitz <stan AT TEMPLE DOT EDU>
> wrote:
>
>
>>
>> Try setting NSR_KEEP_ALIVE to 15 instead of 30. The optimum setting
>> depends on how your firewall is configured.
>>
>> On your Windows clients, you might also set HKEY_LOCAL_MACHINE\SYSTEM
>> \CurrentControlSet\Services\Tcpip\Parameters\keepalivetime
>> setting DWORD:DECIMAL 7200000 for servers that need it
>>
>>
> Shouldn't that be 900000 to be equivalent to 15 minutes?

It depends on your firewall. In most cases, we have not had to go  
that route at all on our servers, but a few have required it. This is  
what Legato tech support recommended for us when we had ongoing  
problems backing up and recovering data across a particular firewall.

To sign off this list, send email to listserv AT listserv.temple DOT edu and
type "signoff networker" in the body of the email. Please write to
networker-request AT listserv.temple DOT edu if you have any problems
with this list. You can access the archives at
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
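
Added example, not part of the original thread or of any NetWorker or Microsoft code: it converts the KeepAliveTime values mentioned above from milliseconds and checks each against a firewall idle timeout, then enables keep-alive on a single socket so the system-wide registry default stays untouched. The 3600-second firewall timeout, the 0.5 safety margin and all function names are assumptions made for illustration.

```python
import socket
import sys

# Assumed (constructed) firewall idle timeout; read the real one from your policy.
FW_IDLE_TIMEOUT_S = 3600
# KeepAliveTime values quoted in the thread, in milliseconds.
THREAD_VALUES_MS = (7_200_000, 900_000, 300_000)


def keepalive_outlives_firewall(keepalive_ms, fw_idle_timeout_s, margin=0.5):
    """True if the first probe is sent within margin * firewall idle timeout.

    The margin is an assumed safety factor so that one lost probe does not
    let the firewall expire the session entry.
    """
    return keepalive_ms / 1000.0 <= fw_idle_timeout_s * margin


def audit(values_ms, fw_idle_timeout_s):
    """Map each KeepAliveTime (ms) to whether it keeps the session alive."""
    return {v: keepalive_outlives_firewall(v, fw_idle_timeout_s) for v in values_ms}


def enable_keepalive(sock, idle_s, interval_s=10, probes=5):
    """Enable TCP keep-alive on one socket only; other applications and the
    system-wide default are not affected."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    if sys.platform == "win32":
        # Tuple is (on/off, idle time in ms, probe interval in ms).
        sock.ioctl(socket.SIO_KEEPALIVE_VALS, (1, idle_s * 1000, interval_s * 1000))
    elif hasattr(socket, "TCP_KEEPIDLE"):
        # Linux-style per-socket options, all in seconds except the count.
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE, idle_s)
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, interval_s)
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT, probes)
    return sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE) != 0


if __name__ == "__main__":
    for ms, ok in audit(THREAD_VALUES_MS, FW_IDLE_TIMEOUT_S).items():
        print(f"{ms:>9} ms = {ms / 60000:g} min -> {'ok' if ok else 'session may be dropped'}")
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        print("per-socket keep-alive enabled:", enable_keepalive(s, idle_s=300))
```
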
