On Tue, Mar 30, 2010 at 6:25 PM, Oliver Hansen <[email protected]> wrote:
> I tried posting this specifically before and didn't have any luck (
> http://www.mail-archive.com/[email protected]/msg19099.html ) but now that
> I have contacted Microsoft I have a few more details to ask the questions
> with. Here is the basic scenario:
>
> - On the server, TCP session timeouts have been lowered to 5 minutes
>   (through a reg edit that MS support had me make)
> - The client application has been shut down and netstat shows no connections
>   open to the server
> - The server still shows many (up to 30) connections to the client long
>   after the 5 minute timeout window
> - The pfSense (1.2.3-RC3) GUI Diagnostics -> States table shows sessions
>   between the client and server as ESTABLISHED:ESTABLISHED
> - The client and server are in two different subnets connected by an IPSec
>   VPN
>
> Now, is there anything in pfSense that would keep a session open even after
> the client has closed it and the server's TCP timeout window has passed?

Any connection in the state table will be open until the firewall's state timeout (which you can specify more granularly on a per-rule basis if desired), or the connection is closed by the client or server. The timeout on the servers has nothing to do with the firewall, unless they actually close the TCP connection, not just drop it, at the end of that timeout. Without a pcap showing the actual traffic, there's no telling what's happening. The only sure thing is neither the client nor the server is closing the TCP connection if you see it as ESTABLISHED:ESTABLISHED.
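
A simplified model of the state tracking described in the reply above, added here as an example; it is not part of the original thread and not pf's own code. The 86400-second idle timeout, the `FIN_SEEN` label and the packet samples are assumptions constructed for illustration.

```python
from dataclasses import dataclass

ESTABLISHED_TIMEOUT = 86400  # seconds; assumed idle timeout, adjust to your firewall

@dataclass
class State:
    src: str = "ESTABLISHED"  # firewall's view of the client side
    dst: str = "ESTABLISHED"  # firewall's view of the server side
    last_seen: int = 0        # time of the last packet the firewall forwarded
    closed: bool = False

    def observe(self, now, sender, flags):
        """Update from a packet that actually crossed the firewall."""
        self.last_seen = now
        if "R" in flags:
            self.closed = True                 # RST removes the state at once
        elif "F" in flags:
            setattr(self, sender, "FIN_SEEN")  # simplified label, not pf's own
            # Both FINs seen: treated as closed here (a real firewall keeps the
            # entry briefly under a much shorter timeout first).
            self.closed = self.src == self.dst == "FIN_SEEN"

    def view(self, now, timeout=ESTABLISHED_TIMEOUT):
        """What the state table would show at time `now`."""
        if self.closed or now - self.last_seen > timeout:
            return "gone"
        return f"{self.src}:{self.dst}"

def scenario(packets, check_at, timeout=ESTABLISHED_TIMEOUT):
    """Replay constructed (time, sender, flags) packets, then read the table."""
    st = State()
    for now, sender, flags in packets:
        st.observe(now, sender, flags)
    return st.view(check_at, timeout)

# Constructed traffic: last data packet at t=10s, table inspected one hour later.
DATA = [(10, "src", "A")]
silent_drop = scenario(DATA, 3600)   # endpoints forget the socket, send nothing
full_close = scenario(DATA + [(20, "src", "FA"), (21, "dst", "FA")], 3600)
reset = scenario(DATA + [(300, "dst", "R")], 3600)  # server sends RST at its timeout
short_rule = scenario(DATA, 3600, timeout=300)      # per-rule state timeout of 5 min

if __name__ == "__main__":
    for name in ("silent_drop", "full_close", "reset", "short_rule"):
        print(f"{name:12} {globals()[name]}")
```

Only the `silent_drop` case leaves the entry at ESTABLISHED:ESTABLISHED, which matches what the states table in the question shows: no FIN or RST passed through the firewall and its own timeout has not yet expired.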
