dumbhead123
Participant

TCP session duration and timeouts

Hello everyone,

 

One of our customers has custom applications/servers which do not generate regular TCP traffic, due to which they ended up allowing "out of state" traffic through a set of firewalls. Prior to modifying the global properties, the server communication used to break since the firewall(s) started dropping these packets as out of state, even though the TCP timeout was set to as high as approx. 10000 seconds (global properties).

While I am unable to conclude based on the information gathered,

a. Is there a way to determine the duration of a TCP session present in the firewall's kernel table? (fw tab -t connections shows just the expiry and last update timers.)

b. Is there any custom hotfix that permits increasing the TCP session timeout beyond 86400 seconds (since it's the current limit)? I came across sk168872, which I understand is for specific services; however, I am also looking for options to increase the values available via global properties.

Is this even possible?

 

1 Reply
PhoneBoy
Admin

We don't track duration of a TCP connection, only the activity timer.
Apparently, there is a hotfix available from TAC if you need a timeout longer than 86400: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
I assume this is NOT part of a JHF currently.
