We had some connection issues when we exchanged a Checkpoint FW-1 with a Juniper SRX650.
It seems that Checkpoint behaves very differently when a TCP Idle Timeout is reached:
- The default for TCP idle timeout is 1 hour on Checkpoint whereas it seems to be 4 hours on an SRX650 (10.3R2)
- Checkpoint sends a reset to the source and destination when removing a connection from the session table
What's the behaviour of an SRX?
Is the TCP idle timeout always 4 hours?
What does an SRX do when the timeout is reached? Silently remove it from the session table without notifying the source/destination? Is this configurable?
I couldn't find any hints to the above questions in this forum or on the Internet. Any feedback is welcome.
Regards,
Christoph