[j-nsp] Weird SRX flow timeout issue
Julien Goodwin
jgoodwin at studio442.com.au
Mon Nov 12 12:47:15 EST 2012
On 12/11/12 06:37, Benny Amorsen wrote:
> Andrew Yager <andrew at rwts.com.au> writes:
>
>> By default the SRX closes the flow after 30 minutes (1800 seconds) as there is no activity on the wire during this time.
>
> I have no SRX firewalls, so I cannot help you with your actual problem,
> but I can provide an ugly workaround...
>
> If you play with
>
> tcp_keepalives_count
> tcp_keepalives_idle
> tcp_keepalives_interval
>
> in postgresql.conf, you can get Postgres to send TCP keepalive every so
> often. That should keep the session open.
Sadly SRX doesn't (or at least a few years ago didn't) consider TCP
keepalives sufficient to keep the session open.
I found any form of application keepalive sufficient.
--
Julien Goodwin
Studio442
"Blue Sky Solutioneering"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20121112/54764407/attachment.sig>
More information about the juniper-nsp
mailing list