06-07-2016 05:33 PM
Hi,
The default TCP idle timeout setting for the Cisco IronPort email gateway is 6 hours (or 10,000 queries), whichever comes first. Is there a way to change the 6 hours value to something lower, such as 1 hour?
Also does anyone know the reason why it's been set to 6 hours? That value seems very high.
Thanks
Peter.
06-07-2016 07:00 PM
Hello Peter,
I think this idle timeout you're looking at is the LDAP connection.
Your device's idle timeout for SMTP traffic is defined in your listener configuration.
GUI > Network > Listener
Here you see the TCP timeout windows at the global settings for SMTP traffic.
Regards,
Matthew
06-07-2016 07:12 PM
Matthew,
That's correct, I'm looking at reducing the TCP idle timeout for LDAP connections from the default 6 hours to 1 hour, which is the value set on the firewalls.
We are seeing a lot of errors in our LDAP debug logs:
Connection interrupted (writer)
connecting to server
connected to server
Connection Error: [Errno 54] Connection reset by peer
I'm not sure if changing the SMTP idle timeout will resolve this.
Thanks
Peter
06-07-2016 07:36 PM
Hey Peter,
Ah, this is hard coded on the ESA and not configurable.
There is an enhancement request put through, but it is still being reviewed:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCun98077
Regards,
Matthew
06-07-2016 08:11 PM
Matthew,
Thanks for that. Do you know if this is going to be available/resolved in any upgraded versions of AsyncOS?
Thanks
Peter
06-07-2016 08:13 PM
Hey Peter,
Unfortunately I do not have access into the feature paths on any future releases, so at this stage I do not have any details of it going forward.
As it's in an Assigned state, I believe it's still being considered by the product team.
Regards,
Matthew
06-07-2016 08:27 PM
Thanks guys, I appreciate the feedback.
Peter