SSL Module Session Timeout after 10 Minutes
06-30-2005 08:45 AM
I have 4 6509s: 2 are distribution and 2 are access… The 2 distro have an FWSM, an SSL module, and a CSM. The CSM I have in bridge mode with the default gateway as the FWSM, and almost all the services are an SSL offload. Now, everything works great but one piece: one of the programmers of one of the apps has created the report that takes almost an hour to generate, and the session times out after 10 minutes, thus causing the report to die. I have troubleshot the issue and isolated it down to the SSL module causing the 10 minute timeout. I ran the report straight through the CSM to the real server and it works. I created a plain text vserver for the report to the serverfarm and that works. Now mind you, I had to modify the timeouts on the firewall first, but it all works. Now when I go to the VIP that has SSL offloading, it dies at exactly 10 minutes. I have tried creating SSL policies and TCP policies and applying them to the SSL-Proxy service in use, and that doesn't seem to have an effect… I need some advice to get me down the right path, any help would be great!!!
07-06-2005 11:08 AM
Try using the following command in the content rule. This should solve the problem.
"flow-timeout-multiplier x" where x is an integer. The CSS multiplies x by 16 to get the timeout in seconds, so any value higher than 5 is good for you. For more information on this command, have a look at the following URL.
07-07-2005 06:49 AM
This is a CSM, not a CSS :-(
07-07-2005 06:54 AM
ssl-proxy policy tcp
[no] timeout inactivity
Regards,
Gilles.
07-15-2005 06:46 AM
Thanks... and to take it a step further, I found that the TCP policy had to be put on the virtual and the server side of the ssl-proxy service, along with an SSL policy on the virtual... and thanks for your help...
