Firewall Issue



Ankur
06-13-08, 01:09 AM
Hi Folks,

I'm new to the group, so kindly forgive me if my question is not
appropriate in any way.

We have a situation where we have a Server application that is
listening on a port on which client applications connect.
Server and clients are on separate networks.
Server application network is using a firewall device as an interface
for client connections.

The firewall device is configured in such a way that it periodically
performs a poll operation on the ports where the Server is listening
for client connections, just to check that the Server application is
alive and well.
The Server application is written in such a way that it treats all the
connections on this port as connect requests and proceeds to handle
them accordingly.
This leads to some errors in the application logs while handling
such requests, i.e. the poll operation from the firewall, since the
application doesn't distinguish client connect requests from the
firewall poll operation, thereby generating the following error message:

GetCompletionStatus failed - "The specified
network name is no longer available.

My question is-

Is there a workaround on the firewall side to fix this kind of
behaviour by changing some kind of configuration? The poll request is
a valid requirement and can't be done away with.
Or is it that I need to handle this situation in the Server
application itself i.e. to distinguish between normal client connect
requests and the firewall poll operation.

I'll highly appreciate your insights.

Thanks.
Ankur.

Ansgar -59cobalt- Wiechers
06-13-08, 06:43 AM
Ankur <ankurarora81@gmail.com> wrote:
> We have a situation where we have a Server application that is
> listening on a port on which client applications connect.
> Server and clients are on separate networks.
> Server application network is using a firewall device as an interface
> for client connections.
>
> The firewall device is configured in such a way that it periodically
> performs a poll operation on the ports where the Server is listening
> for client connections, just to check that the Server application is
> alive and well.
> The Server application is written in such a way that it treats all the
> connections on this port as connect requests and proceeds to handle
> them accordingly.
> This leads to some errors in the application logs while handling
> such requests, i.e. the poll operation from the firewall, since the
> application doesn't distinguish client connect requests from the
> firewall poll operation, thereby generating the following error message:
>
> GetCompletionStatus failed - "The specified
> network name is no longer available.
>
> My question is-
>
> Is there a workaround on the firewall side to fix this kind of
> behaviour by changing some kind of configuration? The poll request is
> a valid requirement and can't be done away with.
> Or is it that I need to handle this situation in the Server
> application itself i.e. to distinguish between normal client connect
> requests and the firewall poll operation.

Well, if you have a way to perform some kind of "nop" (no operation)
request on the server application and also are able to update the check
on your firewall appliance accordingly, then you can get around this
error. Otherwise it can only be fixed in the server application AFAICS.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
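
An added example, not part of the original thread or either poster's code: a Python server loop covering both options from the reply above, treating a connect-then-close as a health probe instead of logging an error, and answering a no-op request the firewall check could send. The `NOP`/`OK` wire format, the function names and the echo handler are assumptions made for illustration.

```python
import logging
import socket
import threading

log = logging.getLogger("server")
NOP = b"NOP\n"  # hypothetical no-op request for the firewall's liveness check

def classify(conn, timeout=2.0):
    """Label a new connection by what the peer does before sending a request."""
    conn.settimeout(timeout)
    try:
        data = conn.recv(4096)
    except (ConnectionResetError, ConnectionAbortedError):
        return "probe", b""   # peer reset right after connecting
    except socket.timeout:
        return "idle", b""    # connected but never sent anything
    if not data:
        return "probe", b""   # orderly close with zero bytes: TCP-level poll
    return ("nop" if data == NOP else "client"), data

def handle(conn):
    """Serve one accepted connection and return its label."""
    with conn:
        kind, data = classify(conn)
        if kind == "probe":
            log.debug("health probe: peer closed before any request")  # not an error
        elif kind == "nop":
            conn.sendall(b"OK\n")
        elif kind == "client":
            conn.sendall(b"ECHO " + data)  # stand-in for the real request handling
        else:
            log.warning("peer sent nothing within the timeout")
        return kind

def demo():
    """Constructed traffic: bare connect/close, a NOP check, a client request."""
    listener = socket.create_server(("127.0.0.1", 0))
    addr = listener.getsockname()
    seen, replies = [], []
    t = threading.Thread(
        target=lambda: seen.extend(handle(listener.accept()[0]) for _ in range(3)))
    t.start()
    for payload in (None, NOP, b"HELLO\n"):
        with socket.create_connection(addr, timeout=5) as c:
            if payload is not None:
                c.sendall(payload)
                replies.append(c.recv(4096))
    t.join()
    listener.close()
    return seen, replies
```
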