Timeouts

Timeouts define how long a connection should be idle before it is marked ready to close. The result of a connection reaching its timeout value differs for each IP protocol. For example, TCP has enough information embedded for the GNAT Box System to determine when the connection is ready to close, but with ICMP and UDP, it is generally impossible to determine when a connection is ready to close.

TCP: Default is 600 seconds.

Wait for ACK: Default is 30 seconds. As part of TCP connection creation, the client and server exchange several IP packets. Every packet sent from the server has the ACK (acknowledgement) bit set in its header. As part of Stateful Packet Inspection, the GTA Firewall keeps a record of whether this bit has been seen. If it is not seen, the remote server is probably down. If the idle time is reached without an ACK from the server, the connection is marked ready to close.

Send keep alives: Enabled by default. If a successfully created TCP connection remains idle for the timeout period and this field is disabled, the connection is marked ready to close. If this field is enabled, a Keep Alive packet is sent instead. If the connection is still valid, the GTA Firewall resets the connection idle time to zero. If the connection is invalid, the GTA Firewall will see a reset packet indicating this, sent by the client to its server, and will mark the connection ready to close. If no response is received within five minutes, the GTA Firewall will mark the connection ready to close.

UDP: Default is 600 seconds.

ICMP: Default is 600 seconds.

Default: Default is 600 seconds (10 minutes). This is the timeout for any supported protocol other than TCP, UDP or ICMP. After a connection is marked as ready to close, the GTA Firewall will wait five seconds before it actually closes the connection. This gives redundant IP packets a chance to clear the GTA Firewall without causing false doorknob twist error messages.

Wait for close: Default is 20 seconds. If your firewall is experiencing spurious Remote Access Filter blocks from reply packets, typically from port 80 (the Web), you may want to increase this value to give packets from slow or distant connections more time to return before the connection is closed.
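To show how these fields interact, here is an added, constructed Python model of one state-table entry. It is not GTA's code; it uses the default values stated above and assumes that the Wait for close value is the grace period applied after an entry is marked ready to close. The state names, the Conn class and the tick/observe_packet functions are hypothetical, and the five connections walked through at the end are constructed inputs.

```python
"""Toy stateful connection-table entry modelling the timeout rules above.
Constructed example, not the firewall's own code. All times are seconds."""
from dataclasses import dataclass
from typing import Optional

# Default values as stated on the page.
IDLE_TIMEOUT = {"tcp": 600, "udp": 600, "icmp": 600, "other": 600}
WAIT_FOR_ACK = 30              # TCP only: server must ACK within this idle time
WAIT_FOR_CLOSE = 20            # assumed grace period after "ready to close"
KEEPALIVE_REPLY_WINDOW = 300   # no answer to a keep-alive within five minutes
SEND_KEEPALIVES = True         # the "Send keep alives" field


@dataclass
class Conn:
    proto: str                      # "tcp", "udp", "icmp" or "other"
    last_activity: float            # time of the last packet seen
    server_ack_seen: bool = False   # TCP: has the server sent an ACK yet?
    keepalive_sent_at: Optional[float] = None
    ready_to_close_at: Optional[float] = None
    state: str = "open"             # open -> ready_to_close -> closed


def mark_ready(conn: Conn, now: float) -> None:
    if conn.state == "open":
        conn.state = "ready_to_close"
        conn.ready_to_close_at = now


def observe_packet(conn: Conn, now: float, from_server: bool = False,
                   ack: bool = False, rst: bool = False) -> None:
    """Update the entry for a packet that belongs to this connection."""
    if conn.state == "closed":
        return
    if rst:
        # A reset in answer to the probe: the peer no longer knows the connection.
        mark_ready(conn, now)
        return
    conn.last_activity = now          # idle time back to zero
    conn.keepalive_sent_at = None     # any traffic cancels a pending probe
    if conn.proto == "tcp" and from_server and ack:
        conn.server_ack_seen = True


def tick(conn: Conn, now: float, send_keepalives: bool = SEND_KEEPALIVES) -> str:
    """Apply the timeout rules at time `now`; returns the resulting state."""
    if conn.state == "closed":
        return conn.state
    if conn.state == "ready_to_close":
        if now - conn.ready_to_close_at >= WAIT_FOR_CLOSE:
            conn.state = "closed"     # grace period over, entry removed
        return conn.state
    idle = now - conn.last_activity
    # Wait for ACK: a handshake the server never acknowledged is abandoned early.
    if conn.proto == "tcp" and not conn.server_ack_seen and idle >= WAIT_FOR_ACK:
        mark_ready(conn, now)
        return conn.state
    if conn.keepalive_sent_at is not None:
        # Probe outstanding: give up if nothing came back within the window.
        if now - conn.keepalive_sent_at >= KEEPALIVE_REPLY_WINDOW:
            mark_ready(conn, now)
        return conn.state
    if idle >= IDLE_TIMEOUT.get(conn.proto, IDLE_TIMEOUT["other"]):
        if conn.proto == "tcp" and conn.server_ack_seen and send_keepalives:
            conn.keepalive_sent_at = now   # ask the peer instead of closing
        else:
            mark_ready(conn, now)          # UDP/ICMP/other: nothing to ask
    return conn.state


def scenarios() -> dict:
    """Walk constructed connections through the clock; returns what happened."""
    out = {}
    # 1. TCP SYN the server never ACKs: ready at 30 s, closed 20 s later.
    c = Conn("tcp", last_activity=0.0)
    out["tcp_no_ack"] = (tick(c, 29.0), tick(c, 30.0), tick(c, 50.0))
    # 2. Established idle TCP; the peer answers the keep-alive, idle resets.
    c = Conn("tcp", last_activity=0.0)
    observe_packet(c, 0.0, from_server=True, ack=True)
    tick(c, 600.0)                                        # probe goes out
    probed_at = c.keepalive_sent_at
    observe_packet(c, 601.0, from_server=True, ack=True)  # peer still there
    out["tcp_keepalive_alive"] = (probed_at, tick(c, 700.0), c.last_activity)
    # 3. Established idle TCP; the probe is answered with a reset.
    c = Conn("tcp", last_activity=0.0)
    observe_packet(c, 0.0, from_server=True, ack=True)
    tick(c, 600.0)
    observe_packet(c, 601.0, from_server=True, rst=True)
    out["tcp_keepalive_rst"] = (tick(c, 602.0), tick(c, 621.0))
    # 4. Established idle TCP; no answer at all within five minutes.
    c = Conn("tcp", last_activity=0.0)
    observe_packet(c, 0.0, from_server=True, ack=True)
    tick(c, 600.0)
    out["tcp_keepalive_silent"] = (tick(c, 899.0), tick(c, 900.0), tick(c, 920.0))
    # 5. Same connection with keep-alives disabled: closed straight away.
    c = Conn("tcp", last_activity=0.0)
    observe_packet(c, 0.0, from_server=True, ack=True)
    out["tcp_keepalive_off"] = tick(c, 600.0, send_keepalives=False)
    # 6. UDP: no probe is possible, so idle alone decides.
    c = Conn("udp", last_activity=0.0)
    out["udp_idle"] = (tick(c, 599.0), tick(c, 600.0), tick(c, 619.0), tick(c, 620.0))
    return out


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

The model makes the practical point of the section visible: raising the protocol timeouts only delays when an idle entry is considered dead, whereas Wait for ACK and the keep-alive probe let the firewall drop TCP entries whose peer has actually gone, and Wait for close is the only knob that affects late reply packets.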
