Hello, I have a question about the mechanism of TCP session timeout on a PA FW. Assume that the default TCP timeout on the PA device is 3600 seconds. What happens after a TCP session has been idle for 3600 seconds? Does the FW send a TCP RST to each endpoint? Or does it just delete the session from its session table? And in this case, if a new packet is sent from either endpoint, is it dropped by the FW?

To specify the context, we are currently trying to troubleshoot some kind of disconnection issue related to one particular custom-built application. This is a common 2-tier application (Client / Server) that relies on a TCP session on a dedicated listening port. Users complain that after some delay of inactivity (let's say after 2 hours or even more) the application crashes (there is a common message "connection failure...").

In my mind, since the FW TCP timeout is set to 3600 seconds, if the application session is open for more than 1 hour without any activity it will close the connection. Also, I performed a packet capture on the FW, and what I noticed is that a TCP (FIN,ACK) is sent by the client to the server over 8000 seconds after the last packet in this particular session... And I see it at the receive stage as well as at the transmit stage. So I am a little bit confused.