Sorry I have another newbie question. In TCP Services, you have the ability to click Advanced and change the session timeout from the default value (3600 seconds - 1 hour).
My question is, is this timeout only a factor for IDLE connections? i.e. if a TCP session is actively passing traffic, sending and receiving keep-alive packets, etc.. then the session will NOT time out?
Just trying to sanity check some "First packet isn't SYN" drops. I can filter by source port (s_port:xxxx) and see that the session was established with an Accept, and then exactly 1 hour later, I see the "First Packet isn't Syn" drop which to me may mean the app is using long-lived sessions without keepalives... OR it might mean the app is configured to send a keepalive every 60 minutes and is just barely not making the cutoff?