There is not a lot you can do talking about connection expiration.
The XL is not terminating the SSL traffic and the XL is basically
acting as L4 load balacing devices in your setup. The session is
getting terminated at the real servers. The session expiration/close
down depends on the real server and the client - one of the is going
to close the connection down and the firewall should see this.
Let me ask one question: Looking at these sessions do they come from
various client IP addresses or is it maybe related to health check
traffic in between the ServerIron and the real server?
Cheers,
Oliver
At 15:11 09.07.2009, Drew Weaver wrote:
Howdy,
I just had a pretty generic question regarding connection expiration, etc.
If you have a simple toplogy such as:
Router -> ServerIron XL -> Firewall -> Servers
Do you have to do anything special to allow http/https connections
to be closed when they are no longer being used?
I notice that on the Firewall it seems to 'hang on' to the
connections for a tremendous amount of time. When I contact the
support for the firewall they indicate that the connections are
staying alive because they weren't closed (duh?). The problem with
the connections not being closed, reset, etc is that the firewall
has a finite limit of connections before it will just stop opening more.
I set the time out on http/https connections lower and it keeps it
from filling up the conn table on the fw but ideally we'd like these
connections to close naturally.
Any ideas?
Thanks,
-Drew
_______________________________________________
foundry-nsp mailing list
[email protected]
http://puck.nether.net/mailman/listinfo/foundry-nsp
_______________________________________________
foundry-nsp mailing list
[email protected]
http://puck.nether.net/mailman/listinfo/foundry-nsp
