[f-nsp] General question about connection expiration, serveriron XL
Oliver Adam
oadam at madao.de
Fri Jul 10 08:12:23 EDT 2009
There is not a lot you can do talking about connection expiration.
The XL is not terminating the SSL traffic and the XL is basically
acting as an L4 load balancing device in your setup. The session is
getting terminated at the real servers. The session expiration/close
down depends on the real server and the client - one of them is going
to close the connection down and the firewall should see this.
Let me ask one question: Looking at these sessions do they come from
various client IP addresses or is it maybe related to health check
traffic in between the ServerIron and the real server?
Cheers,
Oliver
At 15:11 09.07.2009, Drew Weaver wrote:
>Howdy,
>
>I just had a pretty generic question regarding connection expiration, etc.
>
>If you have a simple topology such as:
>
>Router -> ServerIron XL -> Firewall -> Servers
>
>Do you have to do anything special to allow http/https connections
>to be closed when they are no longer being used?
>
>I notice that on the Firewall it seems to 'hang on' to the
>connections for a tremendous amount of time. When I contact the
>support for the firewall they indicate that the connections are
>staying alive because they weren't closed (duh?). The problem with
>the connections not being closed, reset, etc is that the firewall
>has a finite limit of connections before it will just stop opening more.
>
>I set the time out on http/https connections lower and it keeps it
>from filling up the conn table on the fw but ideally we'd like these
>connections to close naturally.
>
>Any ideas?
>
>Thanks,
>-Drew