On 23/12/10 21:34, Florian Weimer wrote: > * Julien Goodwin: > >> For my SRX at the office back when I installed it (9.6 IIRC) *TCP* >> keepalives would not extend session timeouts, but *SSH* keepalives >> worked very well, that's the ServerAliveInterval setting in OpenSSH. > > Typically, TCP keepalives happen at such long intervals that they do > not keep firewall state alive.
In my specific case (whinging admin in internal IT, not production) they were at least every minute. We do actually have some systems that are so old/weird they don't support the ServerAliveInterval, but they're all fairly minor so it's not usually a problem. -- Julien Goodwin Studio442 "Blue Sky Solutioneering" _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
