Session Idle timeout regardless of the setting on LTM profile

Can you use this command and see if it displays the correct idletime please; show sys connection all-properties - if you've a great deal of connections, use ? to help you filter as necessary.

Hi Steve,

 

 

Thanks a lot for the tip. It looks like we do have some timeout of some sort.

 

 

I see stuff like this:

 

 

81.156.252.183:59172 - 172.16.215.3:443 - 81.156.252.183:59172 - 10.0.8.12:443

 

------------------------------------------------------------------------------

 

Slot 1

 

TMM 7

 

Type any

 

Protocol tcp

 

Idle Time 15

 

Idle Timeout 300

 

Unit ID 1

 

Lasthop /Common/external f0:f7:55:43:bd:de

 

Virtual Path 172.16.215.3:443

 

 

ClientSide ServerSide

 

Client Addr 81.156.252.183:59172 81.156.252.183:59172

 

Server Addr 172.16.215.3:443 10.0.8.12:443

 

Bits In 11.4K 4.6K

 

Bits Out 34.0K 6.4K

 

Packets In 9 4

 

Packets Out 9 5

 

 

I don't see anywhere a timeout as set in the profile. Our network admin sent me a filtered output but the filter was not right.

 

 

Now, how do I change this timeout?

Hmmm, I'm working on another post and the same issue but with tcp profile idle timeouts. This could be a bug but I'm unable to test. Hopefully someone who can will jump in and assist.

Can you post an anonymized copy of your virtual server definition using 'tmsh list ltm virtual VS_NAME'?

 

 

Thanks,

 

Aaron

Sure. I am getting access to the box now, so I can run the commands myself instead of going via the networking admin.

 

 

I will post the results shortly.

 

 

Thanks guys.

 

I am actually pulling the output from the Profile we're using (we're using F5 "as a firewall" and that's where it's failing)

 

 

tmsh list ltm profile fastl4

 

ltm profile fastl4 FastL4_NC01_Custom_SSH_TIMEOUT {

 

app-service none

 

defaults-from fastL4

 

idle-timeout 3600

 

}

 

ltm profile fastl4 fastL4 {

 

app-service none

 

idle-timeout 300

 

mss-override 0

 

pva-acceleration full

 

reassemble-fragments disabled

 

reset-on-timeout enabled

 

}

 

 

Now, we're using a child profile who's parent is fastL4 but still trying to figure out the parameters to get that info. I haven't touched F5 in a few years :)

 

Can you post the VS config though that the profiles are attached to? There should be a virtual server that is passing the traffic.

 

 

If there isn't a VS, it could be a SNAT that's passing the traffic.

 

 

Aaron

Hi Aaron,

 

 

Our timeout issue has been fixed. I am really not sure what fixed it, as nothing out of the ordinary has been done to fix it.

 

 

Probably we did hit a bug, could it be that the setting was right but not applying to the sessions for new reason (all new sessions, not existing)

 

 

The only changes were:

 

- Standby appliance was way behind, so, configs were synced.

 

- Ran QKView for the tech support.

 

- Remove customization on the fastl4 child profile, click update

 

- Set the idle-timeout back to 3600 in our fastl4 child profile, click update.

 

 

Nothing else was done. I remember long, long ago, around version 9 I ran into the case that the parameters on the GUI differed from the console. Is this still an issue on 11?