| Author |
Message |
Joseph R Guest
|
Posted: Fri Apr 21, 2006 7:55 pm Post subject: question about timeout conn
|
|
'timeout conn' controls all active tcp sessions through a pix, correct?
Such as rdp, telnet, client-server communications etc...
What are the repercussions of setting the timeout to a high value around
5-9 hours? We are working with a highly distributed network of VPNs
joining roughly 15 offices. I worry that setting the timeout to a high
value that it might impact the pix unit adversely.
Any input would be great. Thanks,
Walter Roberson Guest
|
Posted: Sat Apr 22, 2006 4:41 am Post subject: Re: question about timeout conn
|
|
In article <1145634940.001470.70620@g10g2000cwb.googlegroups.com>,
Joseph R <fakeleg@gmail.com> wrote:
> 'timeout conn' controls all active tcp sessions through a pix, correct?
> Such as rdp, telnet, client-server communications etc...

Close, but not -exactly-, in that a few TCP protocols have individual
timers -- RPC for example.

> What are the repercussions of setting the timeout to a high value around
> 5-9 hours? We are working with a highly distributed network of VPNs
> joining roughly 15 offices. I worry that setting the timeout to a high
> value that it might impact the pix unit adversely.

timeout conn only affects -idle- connections. Each active
connection uses some memory. If your systems generate idle connections
faster than they are cleaned up by 'timeout conn' then you would
eventually run out of memory.
RDP and telnet and most client-server communications don't generate
many connections. http can generate a lot of connections, but it is
not common for http connections to sit idle (but it could happen.)
The only thing I've encountered so far that generated a noticeable
number of idle connections is MS Exchange client talking to
an Exchange 2000 server.
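An added illustration, not part of either post and not PIX code: a toy Python model of a connection table with an idle timeout, run over constructed traffic to compare a 1-hour and a 9-hour setting. It assumes that abandoned connections are never closed by either end and that a mid-stream packet for an already-removed entry is dropped; the connection names and rates are made up.

```python
# Added illustration: toy model of a stateful firewall's connection table
# with an idle timeout. Not PIX code; all traffic below is constructed.

def simulate(timeout_s, packets, horizon_s):
    """packets: iterable of (time_s, conn_id, is_syn).
    Returns (peak_entries, surviving_conn_ids, dropped_packets)."""
    table = {}            # conn_id -> time the last packet was seen
    peak = dropped = 0

    def reap(now):
        # Only idle time counts: an entry ages out when no packet has
        # refreshed it for timeout_s seconds.
        for cid in [c for c, seen in table.items() if now - seen >= timeout_s]:
            del table[cid]

    for now, cid, is_syn in sorted(packets):
        reap(now)
        if cid not in table and not is_syn:
            dropped += 1  # mid-stream packet for a reaped entry (assumption: dropped)
            continue
        table[cid] = now
        peak = max(peak, len(table))
    reap(horizon_s)
    return peak, set(table), dropped


def constructed_traffic(hours=10):
    """Constructed sample traffic; returns (packets, horizon_s)."""
    end = hours * 3600
    pkts = []
    # Interactive session with a packet every minute: never idle for long.
    pkts += [(t, "rdp", t == 0) for t in range(0, end + 1, 60)]
    # Session that goes quiet for two hours, then resumes.
    pkts += [(0, "telnet", True), (7200, "telnet", False)]
    # Client that opens a connection every 5 minutes and abandons it
    # without closing it (the idle-connection pattern described above).
    pkts += [(t, f"idle-{t // 300}", True) for t in range(0, end, 300)]
    return pkts, end


if __name__ == "__main__":
    pkts, end = constructed_traffic()
    for label, timeout in (("1 hour", 3600), ("9 hours", 9 * 3600)):
        peak, alive, dropped = simulate(timeout, pkts, end)
        print(f"timeout {label}: peak={peak} dropped={dropped} "
              f"rdp_alive={'rdp' in alive} telnet_alive={'telnet' in alive}")
```

In this model the chatty session survives either setting; the longer timeout keeps the quiet session alive at the cost of holding every abandoned entry nine times as long.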