Idle timeout since 5.0.11

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Idle timeout since 5.0.11

L0 Member

Hi All,

We have an issue with our firewall. Ever since we did the update to 5.0.11 a few weeks back our RDP connections from WAN to LAN are timing out after 30 minutes of Idle time. I have checked the server settings And they are fine, the only thing thats changed is the firewall version. Below are the NAT and Policy rules for the RDP server. We actually have two seperate internet connections that come in here hence the two NAT rules and the two Policy rules. Does any one know if the 5.0.11 release has any new idle timeouts or if it process the existing time outs differently? I'm suspicious that thats what we are seeing. I've looked around and don't see any so I'm not sure what to check next. I don;t know if other services are timing out as well since most other connections are not persitant like RDP is.

Thanks,

Doug

CaptureACL.JPG.jpg

CaptureNAT.JPG.jpg

1 REPLY 1

L7 Applicator

Hello,

Default time out value for a TCP session through PAN firewall will be 3600 Seconds (1 hour). If you think the session is getting timed out after 30 minutes, please verify the same from CLI.

> show session all filter source x.x.x.x destination y.y.y.y application ms-rdp   >>>>>> Identify the session ID from here.

> show session id xyz  >>>>> verify the output

start time                    : Thu Mar  6 15:27:55 2014

        timeout                       : 3600 sec  >>>>>>>>>>> default time out value

        time to live                  : 3548 sec >>>>>>> TTL since last packet received.

        total byte count(c2s)         : 2194

        total byte count(s2c)         : 0

        layer7 packet count(c2s)      : 4

        layer7 packet count(s2c)      : 0

Apply the above mentioned command multiple times and see if the TTL value is decreasing correctly, if there are no consecutive packet received/transmitted for the same session.

As per the logic, once the TTL value become 0, then the session will be closed.

Thanks

  • 1732 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!