- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
09-09-2015 01:09 AM
Hello,
I have two questions.
First, Could I change session timeout to 24 hours for all applications?
Each applicaitons have each different session timeout value.
My customer would like to change session timeout of all applications to 24 hours.
Do you knew way better easy?
Second,
I knew there are two way for changing session timeout.
The one is global session timeout and another is application session timeout.
For example, Oracle session timeout is 4 hours.
If I changed global time timeout to 24 hours and do not changed oracle session timeout.
Is oracle session timeout 4 hours? Is it right?
I knew applications session timeout time our are submmited faster more than global session timeout.
Thanks,
KC Lee
09-09-2015 01:55 AM
only applications using the default timeout will be impacted by the globla timer changes. others have to be changed manually, one by one
09-09-2015 09:40 AM
Doing this will likely cause issues with the firewall's session table utilization. What would be the goal of doing that?
Applications you don't want to do this to:
dns - a DNS session generally lasts a few seconds, and there are LOTS of them. You'll rapidly fill your session table like this.
web-browsing - A typical web browsing session is terminated by the server as soon as the content is finished being delivered. Since it is probably among the most common app types, you'll fill the session table as above.
You can certainly change some apps that you're having trouble with the firewall ending after idle, but doing it globally would be way too aggressive.
-Greg
09-09-2015 11:32 AM
I agree with Greg on this one.
I'd highly suggest to your customer to NOT set a timer globally so high. I'm sure impact would depend on the platform and amount of traffic, but the resource impact would probably be significant.
Timeouts are based upon IETF standards and application requirements. Deviations of these standards should be based upon specific needs.
Just because 5 applications out of 2,400+ need a non-standard timer doesn't mean you change the entire design of the box.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!