Firewalls often drop idle ssh connections. You (on your client) and/or your server administrator (on your server) can take steps to keep connections alive so that they are not dropped.
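One way to check whether a host's keepalive setting fires before the 300-second idle timeout quoted further down this page. This is an added example, not part of the original page; it assumes OpenSSH, whose `ssh -G` and `sshd -T` print the effective `serveraliveinterval` / `clientaliveinterval`, and the function name and sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: judge OpenSSH keepalive settings against a firewall idle timeout.
# 300 seconds is the state table timeout stated on this page.
FIREWALL_IDLE_TIMEOUT=300

# keepalive_verdict [limit_seconds]
# Reads "keyword value" lines on stdin, the format printed by
# `ssh -G <host>` (client side) or `sshd -T` (server side), and reports
# whether keepalive probes are sent before the firewall expires the state entry.
keepalive_verdict() {
    awk -v limit="${1:-$FIREWALL_IDLE_TIMEOUT}" '
        { key = tolower($1) }
        key == "serveraliveinterval" || key == "clientaliveinterval" {
            interval = $2 + 0
            seen = 1
        }
        END {
            # OpenSSH defaults both intervals to 0, which means no probes at all.
            if (!seen || interval == 0) { print "FAIL keepalives disabled"; exit }
            # A probe sent at or after the timeout arrives on an expired entry.
            if (interval >= limit) {
                print "FAIL interval " interval "s >= " limit "s"
                exit
            }
            print "OK interval " interval "s < " limit "s"
        }'
}

# Constructed sample input in `ssh -G` format (not captured from a real host).
printf 'hostname server.example.org\nserveraliveinterval 0\n' | keepalive_verdict
printf 'hostname server.example.org\nserveraliveinterval 60\n' | keepalive_verdict

# Against a real client configuration (hypothetical host name):
#   ssh -G server.example.org | keepalive_verdict
```

A `FAIL` on the client is corrected with `ServerAliveInterval` in `~/.ssh/config`; on the server, with `ClientAliveInterval` in `sshd_config`.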

IT Security Office's info on this, as of March 11, 2016, for ADOMS

1. Idle timeouts and disconnected sessions

One of the big issues reported to us in the course of Managed Firewall migrations has been session timeouts; users of persistent ssh sessions, persistent Oracle sessions, and the Library's Voyager application have experienced untoward application timeout issues.

Since the Managed Firewall infrastructure maintains state tables, it has to do housekeeping and expire state table entries that have been idle. By default, the infrastructure has a state table timeout of 300 seconds, and a session TTL ("time-to-live") of one hour.

To address this issue, we have configured Global Service Objects for ADOM administrators to use, which extend the session TTL to ten hours; more information on using these objects can be found in our ADOM Administrator documentation:

    https://confluence.cornell.edu/display/itsecdocs/Managed+Firewall+Service

    https://confluence.cornell.edu/display/itsecdocs/Managed+Firewall+Service#ManagedFirewallService-TrafficFilteringIssues

Alternatively, you may always contact us for assistance using these Service Objects or custom-configuring session TTLs yourself (if, for example, you need timeouts longer than ten hours).

IT Security Office's info on this, as of March 2016:

--------------------------------------------------

...