solton
Dec 25, 2017

Network Access (VPN) Inactivity Timeout

Hi Guys,

 

I have an access profile with Network Access (VPN) assigned and I want to configure an inactivity timeout for the F5 Access mobile application. I see that the inactivity timeout configuration under Access Profile General Properties is not working as expected. I use 'split tunneling' for traffic going to internal servers via the VPN tunnel. I assume that the F5 Access client is communicating with F5 APM (maybe keep-alives) and it's considered as an activity.

 

Any suggestions on how to disconnect the session when there is no traffic from the mobile client to my internal servers via VPN?

 

  • I would challenge that assumption; if a keep-alive was used, then network access would never time out.

     

    Consider things like DNS or other services which are perhaps used without you directly noticing.

     

    So first determine the cause or rule it out: use a Wireshark filter on the internal subnets and check if really no traffic is sent.

     

  • Best suggestion is to use session timeout. Analyze the data and configure best session timeout value for your access profile.

     

  • I found this article which was helpful - https://support.f5.com/csp/article/K12300

     

    Inactivity Timeout

     

    The Inactivity Timeout setting controls how long (in seconds) a client can keep a live session without sending traffic. The timeout counter is updated based on the Session Update Threshold and Session Update Window settings. These are located in the Network Access configuration Advanced settings regarding client byte rates. If byte rate activity falls below the configured ranges for the Session Update Threshold and the Session Update Window, the Inactivity Timeout will not be reset. If the Inactivity Timeout value is reached the BIG-IP APM system will terminate the session. The default value is set to 900 seconds.
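
A simplified model of the timer behaviour quoted above, as an added example that is not part of the thread and not F5's implementation. It assumes the inactivity counter is reset only while the average byte rate over the last `window_s` seconds exceeds the threshold; the function names, the 10-second window, the 100 B/s threshold and the traffic samples are all constructed for illustration.

```python
from collections import deque

def windowed_rates(bytes_per_sec, window_s):
    """Yield (second, average bytes/s over the last window_s seconds)."""
    window = deque(maxlen=window_s)
    for t, nbytes in enumerate(bytes_per_sec, start=1):
        window.append(nbytes)
        yield t, sum(window) / window_s

def peak_window_rate(bytes_per_sec, window_s):
    """Highest windowed rate seen; useful for sizing a threshold above background noise."""
    return max(rate for _, rate in windowed_rates(bytes_per_sec, window_s))

def simulate_idle_timeout(bytes_per_sec, threshold_bps, window_s, inactivity_timeout_s=900):
    """Return the second at which the session would be terminated, or None.

    Assumption: the counter resets only when the windowed rate exceeds threshold_bps.
    """
    idle = 0
    for t, rate in windowed_rates(bytes_per_sec, window_s):
        if rate > threshold_bps:
            idle = 0            # counted as activity, timer starts over
        else:
            idle += 1           # below threshold: timer keeps running
            if idle >= inactivity_timeout_s:
                return t
    return None

# Constructed sample: 60 s of real use, then only a background trickle
# (one 120-byte exchange every 10 s, e.g. a DNS lookup through the tunnel).
ACTIVE = [5000] * 60
TRICKLE = ([120] + [0] * 9) * 200
TRAFFIC = ACTIVE + TRICKLE

if __name__ == "__main__":
    print("background peak rate:", peak_window_rate(TRICKLE, 10), "B/s")
    for threshold in (0, 100):
        end = simulate_idle_timeout(TRAFFIC, threshold, window_s=10)
        print(f"threshold={threshold} B/s ->",
              f"terminated at t={end}s" if end else "never times out")
```

With the threshold at 0 the trickle alone keeps the session alive indefinitely; a threshold above the measured background rate lets the 900-second timer expire.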