Why isn't the TCP idle timeout value being reset to 3600 seconds when packets are clearly being passed through my Firewall? (4.1SP2

Why isn't the TCP idle timeout value being reset to
3600 seconds when packets are clearly being
passed through my Firewall? (4.1SP2 - IPSO 3.3)

When packets are accepted in the rulebase they are placed in the state table and a timer is started (defaults to 3600 seconds). The timer is reset every time a new packets for that connection is matched against the state table. Under certain circumstances Nokia FLOWS can cause the timeout not to be reset and eventually the session will get reset because the Firewall sees it as an out of state packet.

To test whether FLOWS is causing this, turn it off by running "ipsofwd slowpath". This will not survive a reboot. See *** for info on how to make this change it permanent.

Added 07 MAY 2003

< back