Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Connection closed after idle time
  •  
Quentinb

Messages: 34
Karma: 0
Send a private message to this user
Hey All,

I have an interesting issue where users are disconnected from services or their 'sessions' are closed after exactly 2401 seconds (40 min and 01 second).

I have disabled the Auto logout from KC and the issue remains. I also set the Auto logout to 120 Minutes and the issue remains.

We have a Windows Service that provides data on a specific port. If the user is at their PC, all works well. If the user walks away from their PC and the PC is idle for about 1 hour, then the socket gets closed after the 2401 seonds.

We have a dedicated link for this service which runs on a DIGI Net Line (T1?) through a CISCO router, KC Appliance box, LAN NIC into our network.

We have tried running these machines behind the KC box, directly through the CISCO router and the socket does not get closed for many, many hours.

Any ideas as to whom could be closing this socket or why? KC? Windows Desktop? (Vista/7), Active Directory? Windows Server 2008R2 (Not that the connection goes through it anyway), Network Switches??

I am out of ideas here...


From the connection logs...

[21/Aug/2012 22:02:06] [ID] 24298 [Rule] Outbound - Service [Connection] TCP xxx.xxx.xx.41:62220 -> xxx.xxx.xxx.135:sssss [Duration] 2401 sec [Bytes] 92/52/144 [Packets] 2/1/3
[21/Aug/2012 22:02:06] [ID] 24298 [Rule] Outbound - Service [Connection] TCP xxx.xxx.xx.41:62220 -> xxx.xxx.xxx.135:sssss [Duration] 2401 sec [Bytes] 92/52/144 [Packets] 2/1/3
[22/Aug/2012 00:01:52] [ID] 33378 [Rule] Outbound - Service
[Connection] TCP xxx.xxx.xx.0:60624 -> xxx.xxx.xxx.135:ssssss [Duration] 2401 sec [Bytes] 88/48/136 [Packets] 2/1/3
[21/Aug/2012 22:02:06] [ID] 24298 [Rule] Outbound - Service [Connection] TCP xxx.xxx.xx.41:62220 -> xxx.xxx.xxx.135:sssss [Duration] 2401 sec [Bytes] 92/52/144 [Packets] 2/1/3

[Updated on: Wed, 22 August 2012 08:58]

  •  
Jeff Wadlow (Kerio)

Messages: 193
Karma: 6
Send a private message to this user
That could be the "DefaultTcpTimeout" in the winroute.cfg file. Its values is 40 minutes. You could try changing it but it might be better to find a way to keep the connection active.

If you decide to try editing the file then remember to stop Kerio Control before editing the winroute.cfg file.
  •  
Goran

Messages: 326
Karma: 5
Send a private message to this user
this is 40 min in Kerio timeout.. but looks like your software not send "heart beats" to active connection again for next 40 min. you can change settings but as Jeff say dont do it because of security reasons.

Question cannot be stupid, but some of the answers can.
  •  
Quentinb

Messages: 34
Karma: 0
Send a private message to this user
Hi Guys,

thanks for the replies! This really helps in solving the issue. I have spoken to the software suppliers and they are sending keep-alive from the service side to the client application. With this setup, we still get the port closed after 40 minutes.

Is KC direction sensitive when it comes to these keep-alives?

Our firewall rule states that the client has an outbound rule to allow the connection to the destination server. There is no inbound rule. Pretty much the same as HTTP where port 80 is accessible from the client machine through the firewall, but there is no inbound rule from the outside to port 80 as that would be the same as hosting basically.

[Updated on: Mon, 27 August 2012 12:54]

Previous Topic: Blocking websites outside of Lunch hours only
Next Topic: RDP to Windows system running control
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sat Oct 21 01:27:37 CEST 2017

Total time taken to generate the page: 0.00403 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.