For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Reddy1's avatar
Reddy1
Icon for Altostratus rankAltostratus
Mar 11, 2019

Custom TCP Idle Time_out

I have a requirement to configure a custom TCP_IDLE timeout.

 

  1. All the users can only access the network resources after connecting to the SSL VPN on the F5 APM.
  2. One of the Data-Base query is failing right after the 2 hours.
  3. its just the DB getting time out, the VPN stays UP though.
  4. Packet captures shows its the F5 sending the Reset.
  5. Support suggested to increase the Tcp idle time out.

If i want to have different TCP IDLE_TIMEOUT value for only the traffic destined to the 1521 , can i apply the irule on the VIP (where the SSL VPN is terminated).

 

when CLIENT_ACCEPTED { set dg_port [TCP::server_port] if {$db_port equal 1521} { TCP::idletime 10800 } }

 

application delivery
BIG-IP Access Policy Manager (APM)
iRules

2 Replies

  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Mar 12, 2019

    Hi,

     

    to change TCP inactivity timeout on inner connection, you must first create a virtual server and change the timeout value. the easiest solution without irule is to create one virtual server:

     

    • destination : 0.0.0.0/0
    • destination port : 1521
    • type : formwarding IP
    • enable on VLAN : Connectivity profile
    • protocol : TCP
    • protocol profile : fastL4_sqlnet

    and one protocol profile fastL4_sqlnet from parent fastL4 with idle timeout set to 10800