https://community.checkpoint.com/t5/Firewall-and-Security-Management/TCP-Connection-drops-after-a-while-on-a-IBM-AS-400/m-p/142627#M22077 <P>As Chris said this is probably related to the VPN more than the basic session timeouts, but try enabling TCP state logging to obtain more details about how and why your telnet connections are being terminated:&nbsp;</P> <P><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk101221&amp;partition=Advanced&amp;product=Quantum" target="_blank">sk101221: TCP state logging</A></P> <P>Is there some particular reason you are not synchronizing the telnet sessions across the cluster members?&nbsp; If deployed as shown in your screenshot a failover will cause all of the currently open telnet sessions to be killed on the newly active member.</P> <P>Also note that the TCP connection timeout can now be increased well beyond 86400 seconds if you have the latest Jumbo HFA:&nbsp;<A class="cp_link sc_ellipsis" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk168872&amp;partition=Advanced&amp;product=Quantum" target="_blank">sk168872: Virtual session timeout for a TCP Service (86400 seconds) is not long enough for a specific TCP service</A></P> Mon, 28 Feb 2022 13:41:27 GMT Timothy_Hall 2022-02-28T13:41:27Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/TCP-Connection-drops-after-a-while-on-a-IBM-AS-400/m-p/142588#M22066 <P>We have an issue regarding a specific connection on a S2S VPN between a CP cluster and Cisco ASA.<BR />Specifically, whilst the tunnel poses no issues and everything seems to be fine, an IBM AS/400 server is behind the CP and the clients accessing it are behind the ASA.<BR />The clients complain that the sessions all of a sudden close after an arbitrary amount of time.<BR />I have proceeded with creating a new telnet service with the following characteristics, but the issue seems to still occur.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="new_telnet.png" style="width: 516px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/15530iFEF9497B74597136/image-dimensions/516x566?v=v2" width="516" height="566" role="button" title="new_telnet.png" alt="new_telnet.png" /></span></P><P>Any ideas ?</P><P>Regards</P> Mon, 28 Feb 2022 08:03:37 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/TCP-Connection-drops-after-a-while-on-a-IBM-AS-400/m-p/142588#M22066 Nikolaos_Liakop 2022-02-28T08:03:37Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/TCP-Connection-drops-after-a-while-on-a-IBM-AS-400/m-p/142592#M22067 <P>Check your IPS if you run it and core protections. I had AS/400 connections blocked because Telnet is considered insecure and blocked by this blade and needed to configure exceptions.</P><P>Also, there's obviously the ASA side which might not match your protocol definitions.</P><P>&nbsp;</P> Mon, 28 Feb 2022 08:29:23 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/TCP-Connection-drops-after-a-while-on-a-IBM-AS-400/m-p/142592#M22067 Alex- 2022-02-28T08:29:23Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/TCP-Connection-drops-after-a-while-on-a-IBM-AS-400/m-p/142604#M22071 <P>It is not an IPS issue.</P><P>The connection gets established.</P><P>However after some arbitrary time the connections gets droppped and they need to relogin...</P><P>Protocol is telnet</P> Mon, 28 Feb 2022 10:36:06 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/TCP-Connection-drops-after-a-while-on-a-IBM-AS-400/m-p/142604#M22071 Nikolaos_Liakop 2022-02-28T10:36:06Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/TCP-Connection-drops-after-a-while-on-a-IBM-AS-400/m-p/142619#M22075 <P>Arbitrary like when the firewall policy is installed or when a rekey occurs for the VPN?</P> Mon, 28 Feb 2022 12:56:31 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/TCP-Connection-drops-after-a-while-on-a-IBM-AS-400/m-p/142619#M22075 Chris_Atkinson 2022-02-28T12:56:31Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/TCP-Connection-drops-after-a-while-on-a-IBM-AS-400/m-p/142627#M22077 <P>As Chris said this is probably related to the VPN more than the basic session timeouts, but try enabling TCP state logging to obtain more details about how and why your telnet connections are being terminated:&nbsp;</P> <P><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk101221&amp;partition=Advanced&amp;product=Quantum" target="_blank">sk101221: TCP state logging</A></P> <P>Is there some particular reason you are not synchronizing the telnet sessions across the cluster members?&nbsp; If deployed as shown in your screenshot a failover will cause all of the currently open telnet sessions to be killed on the newly active member.</P> <P>Also note that the TCP connection timeout can now be increased well beyond 86400 seconds if you have the latest Jumbo HFA:&nbsp;<A class="cp_link sc_ellipsis" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk168872&amp;partition=Advanced&amp;product=Quantum" target="_blank">sk168872: Virtual session timeout for a TCP Service (86400 seconds) is not long enough for a specific TCP service</A></P> Mon, 28 Feb 2022 13:41:27 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/TCP-Connection-drops-after-a-while-on-a-IBM-AS-400/m-p/142627#M22077 Timothy_Hall 2022-02-28T13:41:27Z