Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 28 subscribers
  • Views 3101 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

timeout sslvpn

francis Soen

my xg230, running 17.5.11, does not disconnect sslvpn tunnels.  I have left my connection on overnight and in the morning, the connection is still working.  The Disconnect dead peer after is set to 180 seconds.

 

The Disconnect idle peer after is set to 15 minutes.

Under SSL VPN, the Disconnect idle clients is on with the override global timeout is set to 60 minutes.

 

Why aren't tunnels not being disconnected?



This thread was automatically locked due to age.
Parents Reply
  • 0 in reply to Vishal_R

    Yes, I read that and I still don't understand why after over 8 hours of inactivity, the ssL VPN tunnel IS NOT being disconnected automatically.

    I would really appreciate a simple Yes or No, should I expect the XG230 to  be able to kill an inactive SSL VPN tunnel (one left open overnight)?

Children
  • 0 in reply to francis Soen

    The question is, what does inactivity mean? Clients and other Services frequently communicate with services. There is no person behind the tunnel, still there is communication between services, keep-alives etc. Most likely the tunnel is not inactivate at all, and still traffic is flooding. 

    Look at the live user while you are logged in with the SSLClient and check, if the traffic is ticking or not. 

  • 0 in reply to LuCar Toni

    Well, maybe there is another approach that can be taken.  When a SSLVPN tunnel is established, the firewall hands out an IP address so is there a way to set a maximum life for the IP address?  WIth my domain DCHP i can set that lease time. Where is that in the XG?