03-02-2009 01:03 PM - edited 03-11-2019 07:59 AM
I use to have a NetGear FVS338
I installed ASA 5505 two weeks ago.
This new firewall must have some timeout settings that the old NetGear didn't have.
I use Microsoft Reporting Services on my webserver that is behind this firewall.
I have a report that takes several minutes to run and now it timesout.
I have UDP 1026, TCP HTTP and HTTPS open.
I set the UDP timeout to 10 minutes in ASDM and this did not solve the issue.
It seems to timeout right at 2 minutes, so there must be a 2 minute default timeout set somewhere that I can't find.
Please help.
03-02-2009 01:37 PM
these are all the timeouts that the ASA uses:
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/t.html#wp1500148
See if one of these affects your reporting service, it would be helpful for you as well to turn on some logs that might show what connection is dropped due to what timeout.
03-02-2009 01:54 PM
Thanks for the response...I set all these to 10 minutes and it still timesout at 2 minutes. Do you have to Reboot the firewall for this to take affect? If so I have to do it after hours.
03-02-2009 02:05 PM
Nope, no reboot is required at all, I would advise you to go ahead and set the logs on the ASA, they will tell you what timed out and why? logging monitor 5 with messages to monitor should show you something.
03-02-2009 03:03 PM
I set the logging to debug mode.
There are no errors or anything, but the report is still timedout.
One thing I did notice is that the TCP build and teardown happens every minute during the connection.
You get one line saying Built Inbound TCP connection and the next line is teardown TCP connection.
Is it possible to extend the time between teardowns on the TCP connection?
03-02-2009 03:08 PM
What is the reason of the tear down? depending on this is whethere you will be able to control it or not
03-02-2009 03:22 PM
See attached screenshot
03-02-2009 03:31 PM
The message that you see here for the port 443 is a normal termination of a TCP connection, the Server receives a Fin Flag, hence the firewall drops this TCP flow since there is no need to keep it up.
03-02-2009 04:58 PM
Ok - well just coincidence that I put a new firewall in. Turns out my data is getting very large and found this article to fix the issue:
http://support.microsoft.com/kb/825739
Increasing the timeout from this articel solved the problem.
Time to work on some database indexing.
Thanks for your help!!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: