cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1331
Views
0
Helpful
1
Replies

FTD firewalls resetting TCP connections after 1 hour

Hello,

I have 3 sites that all have FTD firewalls. I use screenconnect to remotely manage devices at all 3 sites. The screenconnect server is out on the internet, and NONE of my other customers experience these issues. Even other clients with FTD firewalls. Almost all of the computers at all 3 sites will drop the active TCP session every hour on the hour. That sounds like it's an idle connection timeout, but this should be an active connection. What's even weirder is that it will drop the connection every hour for days on end, and then sometimes, the same computer will stay connected for days on end. I can't find any pattern to why they would behave differently. I did determine that the tcp reset is being sent by the firewall by packet capturing on the inside and the outside interface of the firewall.

I've had reports of users having disconnections supposedly hourly, but there's nothing I can repeat aside from the screenconnect sessions, so I'm focusing on that. I'm wondering if there are any debugging commands to watch for TCP resets or any other way to try tracking this down. This client is the only one I have managed by FMC and using IPS, so maybe that is related.

Any ideas would be appreciated. Thanks!

1 Reply 1

CSCvz55395

i think you hit this bug

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: