Monitoring the persistence of asynchronous connections

When a filter policy is applied while asynchronous reloading is enabled, TCP/UDP connections will switch to asynchronous mode. They remain in this mode until they are reassessed.

TCP/UDP connections are reassessed in three cases:

  • Receiving or sending a packet for the connection. The connection will then revert to synchronous mode.

  • Connection idle timeout: this timeout can be customized for TCP/UDP connections to suit your architecture and requirements. We recommend that you customize this duration before enabling asynchronous reloading. However, it can also be done when asynchronous reloading is enabled.

  • Manual reassessment: you can launch the immediate reassessment of all TCP/UDP connections, which will then revert to synchronous mode.

First case: receiving or sending a packet for the connection

In this case, the connection is reassessed and reverts to synchronous mode if the new active policy still allows it. If it is no longer allowed, it will be deleted.

Second case: connection idle timeout reached

In this case, the connection will be deleted because it has reached its idle timeout.

You can customize the idle timeout for TCP/UDP connections. We recommend that you adapt this duration to your needs and architecture before enabling the feature.

To customize the connection idle timeout:

  1. Go to Configuration > Application protection > Protocols > IP protocols > TCP-UDP.

  2. In the Timeout (seconds) field, adjust the connection idle timeout value:

    • TCP connection: default value: 3600 seconds (1800 seconds for example),

    • UDP session: default value: 120 seconds (you can keep this value for example).

     

Third case: manual reassessment of connections

You can launch the manual reassessment of all TCP/UDP connections. In this case, they will be immediately reassessed against the active filter policy, and retained or deleted according to the rules defined in the new policy.

To launch the reassessment of all TCP/UDP connections, from the CLI console (Configuration > System > CLI Console), run the following command:

CONFIG FILTER RELOAD