[j-nsp] Juniper SRX and ssh freeze

Julien Goodwin jgoodwin at studio442.com.au
Thu Dec 23 05:50:46 EST 2010


On 23/12/10 21:34, Florian Weimer wrote:
> * Julien Goodwin:
> 
>> For my SRX at the office back when I installed it (9.6 IIRC) *TCP*
>> keepalives would not extend session timeouts, but *SSH* keepalives
>> worked very well, that's the ServerAliveInterval setting in OpenSSH.
> 
> Typically, TCP keepalives happen at such long intervals that they do
> not keep firewall state alive.

In my specific case (whinging admin in internal IT, not production) they
were at least every minute.

We do actually have some systems that are so old/weird they don't
support the ServerAliveInterval, but they're all fairly minor so it's
not usually a problem.

-- 
Julien Goodwin
Studio442
"Blue Sky Solutioneering"


More information about the juniper-nsp mailing list