ScreenOS Firewalls (NOT SRX)
Reply
Contributor
jiangu
Posts: 60
Registered: ‎05-11-2010
0

SSH session timeout in ScreenOS

Hi, all,

 

We have a pair of SSG320 between office and datacenter, IPsec VPN tunnel are configured between the two SSGs, we have been experiencing ssh broken pipe problem when a user ssh from office desktop to Linux servers in datacenter due to in-activity (some times hours, some times less than 30 minutes), this problem happens to both Windows(putty) and Mac OS users, we don't have the problem if we ssh to office Linux servers, so this is mostly due to Netscreen is tearing down ssh sessions due to in-activity, I have set ssh timeout to 12hrs  (set service "SSH" timeout 720) on both firewalls,this command does not seem to be taking any effect. Anybody experience the same problem?

 

Thanks,

 

Super Contributor
lanman
Posts: 68
Registered: ‎11-27-2010
0

Re: SSH session timeout in ScreenOS

The service "SSH" timeout command is probably only working when this sevice is matched in a policy. The default TCP timeout is 30 minutes and will probably cause the disconnects. Maybe as a workaround you can set the keepalive option on your SSH client. In Putty this is found under "connections": "Seconds between keepalives". Entering a value of 300 will send a null packet every 5 minutes.

 

Steve

 

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.