I have two separate Unix servers behind a CSS running v8.1. They are accessed via Content/Service rules from client workstations with a one to one mapping between the Content Rules/Services.
When we SSH to one server the SSH connection never times out. On the other server it seems to time out after about an hour.
I've shown I can resolve the ssh timeout on the "broken" server by setting a flow timeout multiplier of 0 for the appropriate content rule. The ssh connection is no longer timed out.
On the first server where ssh connections weren't timed out - I found that the tcp_keepidle and tcp_keep_intvl were set to much lower values (5mins for tcp_keepidle and 5 sec for tcp_keepintvl).
On the second server where the SSH connections timed out, the tcp_keepidle and tcp_keepintvl were set to much larger values of 2 hours and 75 sec respectively.
Armed with the information that the default tcp timeout for the CSS is 16 seconds - I'm struggling to explain how SSH connections to the first server don't timeout in the same way. Since the tcp_keepidle time on the server (which I believe to be the time between the connection becoming idle and the point at which the server begins to send keep-alives) is greater than the default CSS flow timeout.
Is there an internal "minimum flow lifetime" that the CSS respects?
Any other ideas?