Forum Discussion
NimbostratusRecommended best practice for SNAT Translation Idle Timeout
I'm trying to find any information on the IP Idle Timeout setting for SNAT translations. Would this value on be used if using a forwarding VIP and not TCP or UDP virtual service?
TCP Idle Timeout 300 UDP Idle Timeout 60 IP Idle Timeout ?
Any ideas would be appreciated. Thanks.
2 Replies
What_Lies_Bene1Cirrostratus
Be aware that in nearly all cases the minimum Idle Timeout that applies to a connection takes precedence. The only exception to this rule is where TCP profile client and server-side timeouts differ, in which case the longest applies.
The default SNAT idle timeout is 'indefinite'. You can change this for any SNAT type except SNAT automap.
If you're highest timeout for a protocol is 300s I'd set your SNAT timeout to this.
JoadHi, I've read this:
https://support.f5.com/csp/article/K6017
If the connection matches a virtual server and automap SNAT object, the system uses the idle timeout specified in the protocol profile. For more information about idle session timeouts, refer to K7606: Overview of BIG-IP LTM idle session timeouts.
and then the K7606 mentioned above:
https://support.f5.com/csp/article/K7606
With the idle timeout set to Indefinite, the BIG-IP system internally limits UDP and IP SNAT translation idle timeout periods to a maximum of 300 seconds.
So, which timeout win if I've an UDP VS configured with both, UDP profile set to 900 sec. and SNAT automap ?
Thank you
