Forum Discussion
Shayne_Rinne_84
Nimbostratus
NimbostratusF5 as a default gateway
Hello,
We are running CA siteminder policy servers on Solaris 8 behind a BIG IP LTM, and many of our connections to Active Directory LDAP User directories are going into a TCP IDLE state. T...
hoolio
Cirrostratus
CirrostratusHi,
If either the client or server attempts to close the connection with a FIN or RST, BIG-IP should honor that and close the corresponding connection. You can check what the BIG-IP is tracking in it's connection table by running 'b conn all show all'.
If the connections aren't being closed by either the client or server, and you want the BIG-IP to reap them sooner than it is now, you can lower the idle timeout on the FastL4 profile. By default it's set to 300 seconds. You can view/modify the setting under Local Traffic >> Profiles >> Protocol >> FastL4 >> Idle Timeout. You might want to create a custom FastL4 profile if you end up modifying the setting.
There are a few related AskF5 solutions:
SOL7166: Configuring BIG-IP to close idle connections
https://support.f5.com/kb/en-us/solutions/public/7000/100/sol7166.html?sr=685167
SOL5401: Idle connections may be allowed to exist after the idle timeout expires
https://support.f5.com/kb/en-us/solutions/public/5000/400/sol5401.html?sr=685167
SOL7412: The output from the "bigpipe conn show all" command does not correctly display the idle time for PVA assisted connections
https://support.f5.com/kb/en-us/solutions/public/7000/400/sol7412.html?sr=685167
Aaron
