Hello Peter,

peter.gazinoski · ‎06-07-2016

Hi,

The default TCP idle timeout setting for the Cisco IronPort email gateway is 6 hours (or 10,000 queries) whichever comes first. Is there a way to change the 6 hours value to something lower such as 1 hour?

Also does anyone know the reason why it's been set to 6 hours? That value seems very high.

Thanks

Peter.

Mathew Huynh · ‎06-07-2016

Hello Peter,

I think this idle timeout you're looking at is the LDAP connection.

Your device's idle timeout for SMTP traffic is defined in your listener configuration.

GUI > Network > Listener

Here you see the TCP timeout windows at the global settings for SMTP traffic.

Regards,

Matthew

peter.gazinoski · ‎06-07-2016

Matthew,

That's correct, I'm looking at reducing the TCP idle time out for LDAP connections from the default 6 hours to 1 hour which is the value set on the firewalls.

We are seeing a lot of errors in our LDAP debug logs:

Connection interrupted (writer)

connecting to server

connected to server

Connection Error: [Errno 54] Connection reset by peer

I'm not sure if changing the SMTP idle timeout will resolve this.

Thanks

Peter

Mathew Huynh · ‎06-07-2016

Hey Peter,

Ah, this is hard coded on the ESA and not configurable.
There is an enhancement request put through but still being Reviewed:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCun98077

Regards,
matthew

peter.gazinoski · ‎06-07-2016

Matthew,

Thanks for that, do you know if this is going to be available/resolved in any upgraded versions on AsyncOS?

Thanks

Peter

Mathew Huynh · ‎06-07-2016

Hey Peter,

Unfortunately I do not have access into the feature paths on any future releases, so at this stage I do not have any details of it going forward.

As it's in an Assigned state, I believe it's still being considered by the product team.

Regards,

Matthew

peter.gazinoski · ‎06-07-2016

Thanks guys, I appreciate the feedback.

Peter

TCP idle timeout setting on IronPort