Forum Discussion

Nimbostratus

Apr 24, 2008

F5 as a default gateway

Hello, We are running CA siteminder policy servers on Solaris 8 behind a BIG IP LTM, and many of our connections to Active Directory LDAP User directories are going into a TCP IDLE state. T...

config

design

Shayne_Rinne_84

Nimbostratus

Jul 03, 2008

Thank-you for the replies. It turns out that loose-initiation in combination with loose close is the issue. The F5 is sending a RST 60 seconds after the first FIN to both the Solaris and MS server. This causes the Solaris server to create a TCP IDLE state connection that can be only cleared by restarting the process holding the connection. We have understood the reset to be sent based on our loose close enabled, a 60 sec TCP Close timeout and reset on close enabled. We are looking at our options and have come up with 3:

1. Turn off reset on close

2. Turn off loose close

3. Increase the close timeout to match the IDLE timeout

Any recommendations?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

F5 as a default gateway

F5 Academies Are Back – And We’re Coming to a City Near You

Introducing the F5 Application Study Tool (AST)

Recent Discussions

Audit Logging on LTM and GTM

Change Content-Type from application/octet-stream to multipart/form-data

Problem with sending BotDefense logs to remote server

What dose "Accept" do in BIG-IP ASM event logs

OSPF traps on BIG-IP v14

Related Content

F5 AI Gateway - Secure, Deliver and Optimize GenAI Apps

API Gateway Mapping - Gartner - F5

LTM: Per-VLAN Default Gateways

Integrating F5 BIG-IP with Kubernetes SIG Gateway API

Announcing F5 NGINX Gateway Fabric 1.5.0 with NGINX Code Snippets

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS