Firewall Issue
in [Firewalls]
|
From: Ankur on 13 Jun 2008 02:09 Hi Folks, I'm new to the group, so kindly forgive it my question is not appropirate in any way. We have a situation where we have a Server application that is listening on a port on which client applications connect. Server and clients are on seperate networks. Server application network is using a firewall device as an interface for client connections. The firewall device is configured in such a way that it periodically performs a poll operation on the ports where the Server is listening for client connections, just to check the the Server application is alive and well. The Server application is written in such a way that it treats all the connections on this port as connect requests and proceeds to handle them accordingly. This leads to some errors of the application logs since while handling such requests i.e. poll operation for the firewall since the application doen't distinguish client connect requests from the firewall poll operation thereby generating following error messages:- GetCompletionStatus failed - "The specified network name is no longer available. My question is- Is there a workaround on the firewall side to fix this kind of behaviour by changing some kind of configuration. The poll request is a valid requirement and cann't be done away with. Or is it that I need to handle this situation in the Server application itself i.e. to distinguish between normal client connect requests and the firewall poll operation. I'll highly appreciate your insights. Thanks. Ankur.
From: Ansgar -59cobalt- Wiechers on 13 Jun 2008 07:43 Ankur <ankurarora81(a)gmail.com> wrote: > We have a situation where we have a Server application that is > listening on a port on which client applications connect. > Server and clients are on seperate networks. > Server application network is using a firewall device as an interface > for client connections. > > The firewall device is configured in such a way that it periodically > performs a poll operation on the ports where the Server is listening > for client connections, just to check the the Server application is > alive and well. > The Server application is written in such a way that it treats all the > connections on this port as connect requests and proceeds to handle > them accordingly. > This leads to some errors of the application logs since while handling > such requests i.e. poll operation for the firewall since the > application doen't distinguish client connect requests from the > firewall poll operation thereby generating following error messages:- > > GetCompletionStatus failed - "The specified > network name is no longer available. > > My question is- > > Is there a workaround on the firewall side to fix this kind of > behaviour by changing some kind of configuration. The poll request is > a valid requirement and cann't be done away with. > Or is it that I need to handle this situation in the Server > application itself i.e. to distinguish between normal client connect > requests and the firewall poll operation. Well, if you have a way to perform some kind of "nop" (no operation) request on the server application and also are able to update the check on your firewall appliance accordingly, then you can get around this error. Otherwise it can only be fixed in the server application AFAICS. cu 59cobalt -- "If a software developer ever believes a rootkit is a necessary part of their architecture they should go back and re-architect their solution." --Mark Russinovich
|
Pages: 1 Prev: Partial return to the status quo ante bellum.... Next: Spyware Warning By Kaspersky |