- CheckMates
- :
- Products
- :
- Quantum
- :
- Security Gateways
- :
- Re: Check Point session timeout question
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Check Point session timeout question
Sorry I have another newbie question. In TCP Services, you have the ability to click Advanced and change the session timeout from the default value (3600 seconds - 1 hour).
My question is, is this timeout only a factor for IDLE connections? i.e. if a TCP session is actively passing traffic, sending and receiving keep-alive packets, etc.. then the session will NOT time out?
Just trying to sanity check some "First packet isn't SYN" drops. I can filter by source port (s_port:xxxx) and see that the session was established with an Accept, and then exactly 1 hour later, I see the "First Packet isn't Syn" drop which to me may mean the app is using long-lived sessions without keepalives... OR it might mean the app is configured to send a keepalive every 60 minutes and is just barely not making the cutoff?
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It's an idle timer, yes.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It's an idle timer, yes.