dear guy

i use Cport.exe to show all port in my SEPM , there are too much connection in Time_wait status so that is the reason hit to Firewall, it make CPU of firewall overload, can somebody help me what happen from client , why client didnot disconnect after finished update , how to fix that ? pls see my picture

can you check whats the value set here on your machines?

dear all guy

all client version 12.1.x , SEPM = 12.1.RU5 , all client using Pull mode , heartbeat is 3 hours .

in policy tab , i was clear few check box below :

a/  traffic log , control log , packet log : turn off upload to manager server

b/ Let clients upload critical events immediately : turn off

i hope after turn off it the number of client connect SEPM will decrease but nothing change.

Rafeeq : i dont see the TCPtimeWaitDelay on my SEPM server , is it your mean is create a value on that location ?

It's on the client, not the SEPM.

dear brian and all guy

on the client not see it . is it this issuse have relate with full content download, my mean : if the GUP download file full content ( arround 500 MB ) if the GUP have less than 100KB bandwith so the time to dowload will longer ( arround 3hours ) so the next GUP download the full content , so SEPM will hold more connection from client to finished them donwload ,  is it true or anything eles ? but i wonder why when client finihed dowload is it client auto disconnect or change to time_wait status

another way i think is it some policy I was config wrong so  make the client connect to SEP server all time ( time_wait ),,,because all connect is begin from client to SEPM ( pull mode ) ???

You are right, connection is initiated by client ( smc.exe) based on heartbeat interval.

client requests will be forwarded to GUP, ideally you should be seeing the timeout on the GUP server

so how can i trouble it now ,i was config all base my knowledge , how to limit time_wait on SEPM , my purpose is don't want that kind of connection hit on Firewall ? pls help me

why would SEP client hit your firewall? It will hit SEPM which is in your internal network, do your clients go through firewall to reach SEPM?

we have more 8000 client with >400  branch , each branch around 100-200 client , each branch have router/firewall though WAN connect to Headoffice . but i wonder why sepm have a lot of time_wait connection , what process in it ?

can somebody tell me ?

i was open support case 2 day ago , untill now the engineer stil not fix my issuse,,,,