I'm running into an issue with our JK communications being interrupted by our firewall. Any help would be appreciated...
Our firewall is reporting that the JK Connector is sending SYN packets for connections that are already established. The firewall is configured to drop connections that are inactive for over 1/2 hour, but the connections associated with the invalid SYN packets are generally only ~3-5 minutes old. The folks maintaining the firewall claim that the JK communications are non-RFC compliant and the connections are being dropped as a result. This is happening hundreds of times per day. This is a high-traffic load-balanced website handling hundreds of thousands of requests per day. We get up to 400 AJP Listener threads active on each of our Tomcat servers at any given time. The server hardware configuration looks like this: * Two IIS Servers w/ JK ISAPI plugin located in the DMZ * Nokia firewall software * Foundry load balancer within our internal network * Three Tomcat 4.0 servers within our internal network Our workers.properties file is pretty simple: worker.list=frontend worker.frontend.host=XXXXX.XXX.hp.com worker.frontend.type=ajp13 worker.frontend.port=8007 Any suggestions would be appreciated. Thanks, Pat Conant --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
