cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2120
Views
0
Helpful
8
Replies

Session Timeout HTTP

daniel8751
Level 1
Level 1

I use to have a NetGear FVS338

I installed ASA 5505 two weeks ago.

This new firewall must have some timeout settings that the old NetGear didn't have.

I use Microsoft Reporting Services on my webserver that is behind this firewall.

I have a report that takes several minutes to run and now it timesout.

I have UDP 1026, TCP HTTP and HTTPS open.

I set the UDP timeout to 10 minutes in ASDM and this did not solve the issue.

It seems to timeout right at 2 minutes, so there must be a 2 minute default timeout set somewhere that I can't find.

Please help.

8 Replies 8

Ivan Martinon
Level 7
Level 7

these are all the timeouts that the ASA uses:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/t.html#wp1500148

See if one of these affects your reporting service, it would be helpful for you as well to turn on some logs that might show what connection is dropped due to what timeout.

Thanks for the response...I set all these to 10 minutes and it still timesout at 2 minutes. Do you have to Reboot the firewall for this to take affect? If so I have to do it after hours.

Nope, no reboot is required at all, I would advise you to go ahead and set the logs on the ASA, they will tell you what timed out and why? logging monitor 5 with messages to monitor should show you something.

I set the logging to debug mode.

There are no errors or anything, but the report is still timedout.

One thing I did notice is that the TCP build and teardown happens every minute during the connection.

You get one line saying Built Inbound TCP connection and the next line is teardown TCP connection.

Is it possible to extend the time between teardowns on the TCP connection?

What is the reason of the tear down? depending on this is whethere you will be able to control it or not

See attached screenshot

The message that you see here for the port 443 is a normal termination of a TCP connection, the Server receives a Fin Flag, hence the firewall drops this TCP flow since there is no need to keep it up.

Ok - well just coincidence that I put a new firewall in. Turns out my data is getting very large and found this article to fix the issue:

http://support.microsoft.com/kb/825739

Increasing the timeout from this articel solved the problem.

Time to work on some database indexing.

Thanks for your help!!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: