Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
532
Views
0
Helpful
4
Replies

PIX and Citrix Timeouts

bmuha
Level 1
Level 1

‎06-08-2004 11:32 AM - edited ‎02-20-2020 11:27 PM

Ok folks this one got me baffled.

I have a client that that uses Citrix client to connect through the internet to a Citrix Server. ALL works well except the timeout..

I have my pix set to timeout ideal tcp connections after 60mins.. On the server side they have there timeout set at 180mins. Now when the pix timesout that connection with the teardown it does not seem to be disconnecting from the Citrix server. They are not able to log back in because the citrix server thinks they are still there.

If the client disconnects the connection correctly all works well and they can log right back in...

Anyone have any thoughts or ideas on this

TIA

--Brian

0 Helpful
4 Replies 4

jonathanstevens
Level 1
Level 1

‎06-08-2004 11:28 PM

I think that what will be happening is that after an hour on inactivity in the session between the client and the server, the PIX will timeout the session internally, and remove the entry from the connection table. It does not communicate with the client or server during this process.

Now as the server thinks it still has a valid TCP connection, it won't bother with SYN packets, so the traffic is dropped by the firewall.

I would suggest you either lower the Citrix idle timeout to below 60 minutes, lengthen the PIXes or setup some sort of keepalive on the server/client.

0 Helpful

bmuha
Level 1
Level 1
In response to jonathanstevens

‎06-09-2004 05:04 AM

Ok thanks

I have asked the company tht runs the server if they would decrease to 1 hour but of xcourse they would not because most clients do not like that..

Well on my end I do not think I should keep 3hr ideal TCP connections open either ....

0 Helpful

jonathanstevens
Level 1
Level 1
In response to bmuha

‎06-09-2004 05:35 AM

There might be some sort of keepalive option within the client software (e.g. send a NOOP packet or similar every 15 minuntes).

Good luck with that anyway.

0 Helpful

nboulet
Level 1
Level 1
In response to jonathanstevens

‎06-13-2004 08:22 AM

Look at the Citrix Metaframe Advanced Admin Guide. They talk about that. You need to add a keepalive feature on the citrix server. (registry modification).

bye

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card