Chris,
I think your problem has to do with the total retransmit timeout value
for a TCP connection after it is established.
In the Stevens' book there is a chapter about this topic, at page 298.
The 10 minutes value is also explained there.
I have encountered myself this problem when trying to connect to various
machines via SSH.
Hope this helps a bit.
Cristian
Chris Alterio wrote:
>
> Hi,
>
> I had a rule in my rulebase like this:
>
> networkA -> networkB telnet Accept Long
>
> I chaned it to:
>
> grpA@networkA -> networkB telnet UserAuth Long
>
> Now users in grpA have noticed their sessions time out after 10 minutes of
> keyboard inactivity. I checked the User Authentication Session Timeout and
> it is 15 minutes. If I change this value to something less than 10 (like 5),
> the value takes effect and the session is timed out after that span of
> inactivity. But anything over 10 does not seem to work.
>
> I checked our authentication server (Radius) and there is nothing set to
> explain this occurrence. I also checked routers and there is no timeout
> specified in them.
>
> I have read about TCP_TIMEOUT here and in phoneboy and in the CheckPoint
> KnowledgeBase but I don't understand why this is needed unless I want to
> have different timeouts for different services (which is not the case).
>
> I'd appreciate any ideas or clues anyone might have.
>
> Thank You,
> Chris.
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
