Hello everyone,
One of our customers have custom applications/servers which do not generate regular TCP traffic due to which they ended up allowing "out of state" traffic through a set of firewalls. Prior to modifying the global properties, the server communication used to break since firewall(s) started dropping these packets as out of state even though the TCP timeout was set to as high as approx 10000 seconds (global properties).
While I am unable to conclude based on the information gathered,
a. Is there a way to determine duration of a TCP session present on the firewall's kernel table ? (fw tab -t connections shows just the expiry and last update timers).
b. Are there any custom hotfix that permits to increase the tcp session timeout beyond 86400 seconds (since its the current limit). While I came across sk168872 which I understand is for specific services, however I am also looking for options to increase the values available via global properties.
Is this even possible?