Idle timeout since 5.0.11

ParishSoftIT — Thu, 06 Mar 2014 21:21:10 GMT

Hi All,

We have an issue with our firewall. Ever since we did the update to 5.0.11 a few weeks back our RDP connections from WAN to LAN are timing out after 30 minutes of Idle time. I have checked the server settings And they are fine, the only thing thats changed is the firewall version. Below are the NAT and Policy rules for the RDP server. We actually have two seperate internet connections that come in here hence the two NAT rules and the two Policy rules. Does any one know if the 5.0.11 release has any new idle timeouts or if it process the existing time outs differently? I'm suspicious that thats what we are seeing. I've looked around and don't see any so I'm not sure what to check next. I don;t know if other services are timing out as well since most other connections are not persitant like RDP is.

Thanks,

Doug

Re: Idle timeout since 5.0.11

HULK — Thu, 06 Mar 2014 21:41:02 GMT

Hello,

Default time out value for a TCP session through PAN firewall will be 3600 Seconds (1 hour). If you think the session is getting timed out after 30 minutes, please verify the same from CLI.

> show session all filter source x.x.x.x destination y.y.y.y application ms-rdp >>>>>> Identify the session ID from here.

> show session id xyz >>>>> verify the output

start time : Thu Mar 6 15:27:55 2014

timeout : 3600 sec >>>>>>>>>>> default time out value

time to live : 3548 sec >>>>>>> TTL since last packet received.

total byte count(c2s) : 2194

total byte count(s2c) : 0

layer7 packet count(c2s) : 4

layer7 packet count(s2c) : 0

Apply the above mentioned command multiple times and see if the TTL value is decreasing correctly, if there are no consecutive packet received/transmitted for the same session.

As per the logic, once the TTL value become 0, then the session will be closed.

Thanks

topic Re: Idle timeout since 5.0.11 in General Topics

Idle timeout since 5.0.11

Re: Idle timeout since 5.0.11