11-26-2007 09:19 AM
11-26-2007 11:44 PM
11-27-2007 12:23 AM
11-28-2007 11:15 AM
JNCIE-SP, JNCIE-ENT, JNCIE-SEC, JNCI, CISSP, PCNSE, VCP-DV
Check out my blog at ShortestPathFirst
If this post was helpful, please mark this post as an "Accepted Solution".
Kudos are always appreciated!
01-29-2008 03:20 PM
For one reason or another I created the custom service Netbios for Netbios(NS). Wait, now I recall, although the firewall will detect and block 'Netscreen (NS)' packets, there doesn't seem to be a correlating predefined entry to allow for it when making a policy. Anyway, the service is setup as:
Netbios TCP src port: 0-65535, dst port: 137-137 30 Edit Remove
As you can see, the timeout is 30 minutes, yet in my firewall I constantly see:
2008-01-29 16:34:42 172.31.202.4:34113 10.200.1.2:137 172.31.202.4:34113 10.200.1.2:137 NETBIOS (NS) 60 sec. 96 102 Close - AGE OUT
2008-01-29 16:34:26 172.31.202.4:34112 10.200.1.2:137 172.31.202.4:34112 10.200.1.2:137 NETBIOS (NS) 59 sec. 96 102 Close - AGE OUT
So I went looking for a reason, since these sessions should not 'age out' at around the 60 second marker. Is there something behind the scenes that I am missing??
02-17-2012 06:13 AM - edited 02-17-2012 06:14 AM
how do you explain that closeage out could be appear, before timer 30 min regarding a TCP session ?
it seems the case , for us on a cluster ISG2k.
02-20-2012 02:08 AM
I would recommend to run debug and check if there are RPC mapping table hits as described in KB15038 "Sessions on Microsoft Active Directory Services Time Out Earlier Than Expected".