ASecurity Administrator is notified that some longlasting Telnet connections to a mainframe are dropped every time after an hour. The Administrator suspect that the the Security Gateway might be blocking these connections. As she reviews the Smart Tracker the Administrator sees the packet is dropped with the error "Unknown established connection". How can she resolve this problem without causing other security issues?
Choose the BEST answer. She can:
A.
increase the session timeout in the mainframe’s Object Properties
B.
create a new TCP service object on port 23, and increase the session timeout for this object She only uses this new object in the rule that allows the Telnet connections to the mainframe
C.
increase the session timeout in the Service Properties of the Telnet service
D.
increase the session timeout in the Global Properties
E.
ask the mainframe users to reconnect every time this error occurs
Explanation:
Explanation It is better to change the "Session Timeout" for a specific service than to set it globally for ALL Services.
Checkpoint KBase:
To specify a timeout for a TCP servce that is different from the global TCP timeout (defined in the Stateful Inspection page of the Global Properties window), proceed as follows:1. Open the TCP Service Properties window for the specific service.
2. Click "Advanced".
3. In the Advanced TCP Service Properties window, select "Other".
4. Specify the timeout.
5. Install the policy.
Correct answer is B