TCP Timeout on backend sessions

soumya.sarkar · ‎10-09-2007

We are using the CSS5-SSL-C-K9 module.

We use front-end and back-end ssl sessions for our https app.

i.e. :

browser -- ssl traffic -- sslrule -- K9cardfrontserver -- contentrule -- K9cardbackendserver -- realbackendserver.

We specify flow-timeout-multiplier 400 to avoid timing out the flows for the content rules.

But we still see the backend tcp session being closed after about 4-5 mins of idle i.e. server sleeps before response.

We do not want this to time out.

Any ideas what could be missing ??

Gilles Dufour · ‎10-09-2007

the flow timeout command is for the css not to delete the flow.

But the SSL module as also its own timeouts.

CSS11503-2(config-ssl-proxy-list[gdufour])# ssl-server 1 tcp ?

...

inactivity-timeout Specify the server-side SSL TCP inactivity timeout

The default is 240 sec.

You can increase it to 3600 sec max.

The same command exist for the front-end connection.

Gilles.