We have three Cisco CSS 11501 and have some intermittent problems with timeouts for a web-based application. After reading threads in this forum I have concluded that increasing the flow-timeout-multiplier could solve the issue.
We are terminating HTTPS connections in our CSSs and then use HTTP for the connections to the server. Should the flow-timeout-multiplier be applied on the HTTPS or HTTP content rule, or both?
Thanks for your help!
you should configure it on both.
Moreover, the SSL module has its own set of timeouts.
CSS11503(config-ssl-proxy-list[gdufour])# ssl-server 1 tcp server inactivity-timeout ?
This is a timeout for the server side connection, but there is another one for the client side.
Check all TCP options.
What is the guideline for setting the inactivity timeout (server and virtual) for the SSL module?
Should it typically be set higher than the flow timeout, since it is by default (240 seconds)?
Thanks again for your help!
you should adjust the timeout with the timeout on the servers. Make it just slightly higher on the CSS than what you have on the server.