Can anyone assist with a fix for the following issue on traffic through the ACE module?
TCP sessions are being reset after 60 minutes of inactivity (default behaviour, I understand). I need to extend this to 7500 seconds.
Our ACE sits between the internal corporate network and the corporate (CheckPoint) Firewall. The FW administrators are seeing TCP resets coming from the internal network (i.e. the ACE) after exactly 60 minutes of inactivity. 2 applications need these connections to remain open for at least 2 hrs.
I thought perhaps I should apply a parameter-map to the server side interface as well as the client side (where it is already applied). I currently have a server side policy-map of type "management". I expect this wouldn't have an effect on application traffic in this case, so what if I configure a new policy-map of type "multi-match" on the server side? For example, if I configured the following:
existing parameter-map is....
parameter-map type connection External_Connections
  set timeout inactivity 7500
policy-map multi-match ServerSide_FW_DR_L4_LB_VIP_POLICY
  connection advanced-options External_Connections
interface vlan 3390
  service-policy input ServerSide_FW_DR_L4_LB_VIP_POLICY
1 - Would this do the job?
2 - Would it only affect the TCP inactivity timeout and otherwise leave everything else alone (not break anything)?
Attached are show techs for the switch and the module.
Grateful for any assistance with this.
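
One way to check which inactivity timeout each interface ends up referencing, as an added example that is not part of the original post: the script follows the name chain service-policy, policy-map, connection advanced-options, parameter-map through a saved configuration. It only traces references and does not validate that the ACE accepts the configuration; the sample text is constructed, and ClientSide_POLICY, MGMT_POLICY, vlan 3380 and vlan 3400 are made-up names.

```python
import re

DEFAULT_TIMEOUT = 3600  # seconds; the 60-minute default described in the post
TOP_LEVEL = {"parameter-map", "policy-map", "class-map", "interface"}
BLOCK = re.compile(r"(parameter-map type connection|policy-map multi-match|interface) (\S.*)$")

# Constructed sample; only External_Connections, the ServerSide policy name
# and vlan 3390 come from the post, every other name is hypothetical.
SAMPLE = """\
parameter-map type connection External_Connections
  set timeout inactivity 7500
policy-map type management first-match MGMT_POLICY
policy-map multi-match ClientSide_POLICY
  class class-default
    connection advanced-options External_Connections
policy-map multi-match ServerSide_FW_DR_L4_LB_VIP_POLICY
  connection advanced-options External_Connections
interface vlan 3380
  service-policy input ClientSide_POLICY
interface vlan 3390
  service-policy input ServerSide_FW_DR_L4_LB_VIP_POLICY
interface vlan 3400
  service-policy input MGMT_POLICY
"""

def inactivity_by_interface(config):
    """Return {interface: [inactivity timeouts in seconds it references]}."""
    pmaps, policies, ifaces = {}, {}, {}
    kind = name = None  # top-level block currently being read
    for line in config.splitlines():
        words = line.split() or [""]
        if words[0] in TOP_LEVEL:  # new block; indentation is not relied on
            m = BLOCK.match(line.strip())
            kind, name = (m[1].split()[0], m[2]) if m else (None, None)
            if kind == "parameter-map":
                pmaps[name] = DEFAULT_TIMEOUT
            elif kind == "policy-map":
                policies[name] = []
            elif kind == "interface":
                ifaces[name] = []
        elif kind == "parameter-map" and words[:3] == ["set", "timeout", "inactivity"] and len(words) == 4:
            pmaps[name] = int(words[3])
        elif kind == "policy-map" and words[:2] == ["connection", "advanced-options"] and len(words) == 3:
            policies[name].append(words[2])
        elif kind == "interface" and words[:2] == ["service-policy", "input"] and len(words) == 3:
            ifaces[name].append(words[2])
    def reach(iface):  # timeouts reachable from the interface's bound policies
        return sorted({pmaps.get(p, DEFAULT_TIMEOUT) for pol in ifaces[iface] for p in policies.get(pol, [])})
    return {i: reach(i) or [DEFAULT_TIMEOUT] for i in ifaces}
```

An interface that binds only a management policy, or no policy at all, is reported with the default, which is the state the post describes for the server side before the proposed change.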