Endpoint Protection


SEP Network threat protection closing idle connections - Keep-Alive


  • 1.  SEP Network threat protection closing idle connections - Keep-Alive

    Posted Jan 25, 2011 06:16 AM

    Hi all.

     

    I have a problem whereby Network Threat Protection is closing down idle sessions (5 minutes) on certain applications - 1 in particular is particularly noticeable

     

    I found this document that describes the problem

     

    http://www.symantec.com/business/support/index?page=content&id=TECH94334&key=55359&actp=LIST

     

    Is there any way to stop Network Threat Protection closing down the connections, as this is causing massive problems with an application we use? The link above states the following

     

    To prevent idle sessions from expiring prematurely from the state table you can implement the use of TCP Keep-alive packets with an interval of less than 5 minutes

    I'm guessing this is referring to setting a keep alive within the application somehow? If so that's not really a fix as we are affected by several applications

     

    Can anyone help?

     

    Many thanks.



  • 2.  RE: SEP Network threat protection closing idle connections - Keep-Alive

    Posted Jan 25, 2011 06:38 AM

    Hi,

     

    I think the Document refers to the setting in SEPM-Firewall Policy.

     

    Go to SEPM-Policies-Firewall Policy( Network Threat Protection), and do the setting mentioned.



  • 3.  RE: SEP Network threat protection closing idle connections - Keep-Alive

    Posted Jan 25, 2011 07:17 AM

    Hi.

     

    There is no setting there for Keep-alives



  • 4.  RE: SEP Network threat protection closing idle connections - Keep-Alive

    Posted Jan 26, 2011 10:15 AM

    Bump - anyone?



  • 5.  RE: SEP Network threat protection closing idle connections - Keep-Alive

    Posted Jan 27, 2011 04:22 AM

    Really, no one?



  • 6.  RE: SEP Network threat protection closing idle connections - Keep-Alive

    Posted Feb 01, 2011 07:28 AM

    well, no response from Symantec support when I've logged this call - typical, but par for the course

     

    Was hoping someone on the forums would help....?



  • 7.  RE: SEP Network threat protection closing idle connections - Keep-Alive

    Posted Feb 01, 2011 07:41 AM

    do you see any logs on the client side?

    Are you on RU6 MP2? I remember one old discussion on keep alive issues, let me search that for you.



  • 8.  RE: SEP Network threat protection closing idle connections - Keep-Alive

    Posted Feb 01, 2011 07:46 AM

    Hi Rafeeq.

     

    Thanks for your response

     

    no, unfortunately nothing in the logs....it's not a rule based problem - it's exactly the problem described in the link in my first post....seems that SPI part of the firewall closes the connection after 5 minutes....

    I've spoken with the software vendor but they don't employ the use of keep-alives in their product - and nor do they have to according to the RFC standards.

    It also affects our RDP connections although not a massive problem

     

    cheers



  • 9.  RE: SEP Network threat protection closing idle connections - Keep-Alive

    Posted Feb 01, 2011 07:54 AM

    You are right, it's somehow hardcoded, not sure if we can change this in registry....

    on how many servers do you want it to disable just keep alives?



  • 10.  RE: SEP Network threat protection closing idle connections - Keep-Alive

    Posted Feb 01, 2011 08:20 AM

    sorry - on how many servers?

    I just want my laptops/desktops to not be affected by this.....

     

    the document references changing keep alives but doesn't specify where this is done  - or if it's even a symantec change anyway....

     

    I just want it to not drop the stateful part of the connection after 5 minutes....

     

    cheers



  • 11.  RE: SEP Network threat protection closing idle connections - Keep-Alive

    Posted Feb 01, 2011 08:26 AM

    yeah that's how it works, you can change the value to a higher value.

    http://technet.microsoft.com/en-us/library/dd349797(WS.10).aspx



  • 12.  RE: SEP Network threat protection closing idle connections - Keep-Alive

    Posted Feb 01, 2011 08:27 AM

    I'm surprised support didn't help...likely because you are dealing with first level. Talk to your SE and get it escalated to back line support/engineers.



  • 13.  RE: SEP Network threat protection closing idle connections - Keep-Alive

    Posted Feb 01, 2011 08:39 AM

    thanks - I had seen that but was reluctant to change the settings as it's not really a fix....the Symantec document doesn't refer to Microsoft's keep alive

     

    you think this is what needs to be changed? looking at another document for Windows XP settings it says the following

     

    KeepAliveInterval

    Key: Tcpip\Parameters
    Value Type: REG_DWORD - Time in milliseconds
    Valid Range: 1 - 0xFFFFFFFF
    Default: 1000 (one second)
    Description: This parameter determines the interval that separates keepalive retransmissions until a response is received. After a response is received, KeepAliveTime again controls the delay until the next keepalive transmission. The connection is aborted after the number of retransmissions that are specified by TcpMaxDataRetransmissions are unanswered.

    KeepAliveTime

    Key: Tcpip\Parameters
    Value Type: REG_DWORD - Time in milliseconds
    Valid Range: 1 - 0xFFFFFFFF
    Default: 7,200,000 (two hours)
    Description: The parameter controls how frequently TCP tries to verify that an idle connection is still intact by sending a keepalive packet. If the remote computer is still reachable and functioning, the remote computer acknowledges the keepalive transmission. By default, keepalive packets are not sent. A program can turn on this feature on a connection.
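
The KeepAliveTime description quoted above notes that keepalive packets are not sent unless a program turns the feature on for a connection. As an added example (not part of the thread and not Symantec or Microsoft code), this is how an application can enable keepalive on one socket with an idle time below the 5-minute timeout reported here; the function names and the 120 s / 10 s / 5-probe values are assumptions chosen for illustration.

```python
import socket
import sys

# Idle timeout of the stateful firewall as reported in the thread (5 minutes).
FIREWALL_IDLE_TIMEOUT_S = 300


def keepalive_plan(idle_s, interval_s, probes, timeout_s=FIREWALL_IDLE_TIMEOUT_S):
    """Check that the first keepalive probe is sent before the state entry expires.

    Returns the safety margin and the configured dead-peer detection time.
    """
    if min(idle_s, interval_s, probes) <= 0:
        raise ValueError("idle, interval and probe count must be positive")
    if idle_s >= timeout_s:
        raise ValueError("first probe at %ds is not before the %ds idle timeout"
                         % (idle_s, timeout_s))
    return {"margin_s": timeout_s - idle_s,
            "dead_peer_detect_s": idle_s + interval_s * probes}


def enable_keepalive(sock, idle_s=120, interval_s=10, probes=5):
    """Turn on TCP keepalive for one socket, overriding system-wide defaults."""
    plan = keepalive_plan(idle_s, interval_s, probes)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    if sys.platform == "win32":
        # Windows: (on/off, idle time in ms, probe interval in ms).
        # This ioctl has no probe-count field, so `probes` is not applied here.
        sock.ioctl(socket.SIO_KEEPALIVE_VALS,
                   (1, idle_s * 1000, interval_s * 1000))
    elif hasattr(socket, "TCP_KEEPIDLE"):
        # Linux and most BSDs: values are in seconds.
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE, idle_s)
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, interval_s)
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT, probes)
    elif hasattr(socket, "TCP_KEEPALIVE"):
        # macOS names the idle-time option TCP_KEEPALIVE.
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPALIVE, idle_s)
    plan["enabled"] = sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE) != 0
    return plan


if __name__ == "__main__":
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    print(enable_keepalive(s))  # can be called before or after connect()
    s.close()
```
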


  • 14.  RE: SEP Network threat protection closing idle connections - Keep-Alive

    Posted Feb 01, 2011 08:48 AM

    yes, you can change that 5 mins 3000 secs to a higher value.



  • 15.  RE: SEP Network threat protection closing idle connections - Keep-Alive

    Posted Feb 01, 2011 09:20 AM

    Hi, thanks very much

    just checking it now with a registry change....although I don't fancy rolling this out

     

    Still - I shouldn't have to do this, I'm sure other firewall products don't suffer this problem.

     

    I'll let you know how I get on with this

     

    cheers



  • 16.  RE: SEP Network threat protection closing idle connections - Keep-Alive

    Posted Feb 01, 2011 09:49 AM

    hmmmm registry change has made no difference to my machine for RDP sessions - I set it to 2.5 mins.....session still times out after 5 mins.....

     

    I'll check I've set it correctly



  • 17.  RE: SEP Network threat protection closing idle connections - Keep-Alive

    Posted Feb 03, 2011 04:02 AM

    Just to confirm - that registry setting did not work :-(