[f-nsp] General question about connection expiration, serveriron XL

Drew Weaver drew.weaver at thenap.com
Thu Jul 9 09:11:58 EDT 2009


Howdy,

I just had a pretty generic question regarding connection expiration, etc.

If you have a simple toplogy such as:

Router -> ServerIron XL -> Firewall -> Servers

Do you have to do anything special to allow http/https connections to be closed when they are no longer being used?

I notice that on the Firewall it seems to 'hang on' to the connections for a tremendous amount of time. When I contact the support for the firewall they indicate that the connections are staying alive because they weren't closed (duh?).  The problem with the connections not being closed, reset, etc is that the firewall has a finite limit of connections before it will just stop opening more.

I set the time out on http/https connections lower and it keeps it from filling up the conn table on the fw but ideally we'd like these connections to close naturally.

Any ideas?

Thanks,
-Drew




More information about the foundry-nsp mailing list