Symptom
Active TCP connections are torn down exactly when the default TCP idle timeout of 1 hour expires, even though traffic is still passing through them.
The logs show a SYN Timeout teardown reason even for established connections:
Aug 13 2021 14:28:15: %FTD-6-302014: Teardown TCP connection 1823 for INSIDE:192.0.2.50/56154 to OUTSIDE:198.51.100.2/22 duration 1:00:01 bytes 6500 SYN Timeout
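As an added example (not part of the Cisco bug entry), the following Python parses %FTD-6-302014 teardown lines and flags the pattern described above: a SYN Timeout reason on a flow that carried bytes and lived for roughly the 1-hour TCP idle timeout, which distinguishes this symptom from a genuine half-open connection that never completed the handshake. The sample log lines, the 5-second slack and the function names are constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample FTD syslog lines (not captured from a real device).
# Line 1 mirrors the symptom: bytes > 0 and duration ~1h, yet "SYN Timeout".
# Line 2 is a genuine half-open SYN (no bytes, short-lived).
# Line 3 is a normal close.
SAMPLE_LOGS = [
    "Aug 13 2021 14:28:15: %FTD-6-302014: Teardown TCP connection 1823 for INSIDE:192.0.2.50/56154 to OUTSIDE:198.51.100.2/22 duration 1:00:01 bytes 6500 SYN Timeout",
    "Aug 13 2021 14:28:20: %FTD-6-302014: Teardown TCP connection 1824 for INSIDE:192.0.2.51/50000 to OUTSIDE:198.51.100.3/443 duration 0:00:30 bytes 0 SYN Timeout",
    "Aug 13 2021 14:29:00: %FTD-6-302014: Teardown TCP connection 1825 for INSIDE:192.0.2.52/50001 to OUTSIDE:198.51.100.4/443 duration 0:10:12 bytes 12000 TCP FINs",
]

TEARDOWN_RE = re.compile(
    r"%FTD-\d-302014: Teardown TCP connection (?P<conn>\d+) for "
    r"(?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) to "
    r"(?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) "
    r"duration (?P<h>\d+):(?P<m>\d{2}):(?P<s>\d{2}) bytes (?P<bytes>\d+) (?P<reason>.+)$"
)

@dataclass
class Teardown:
    conn_id: int
    src: str          # "ip/port" on the source interface
    dst: str          # "ip/port" on the destination interface
    duration_s: int   # connection lifetime in seconds
    byte_count: int
    reason: str       # teardown reason as logged, e.g. "SYN Timeout"

def parse_teardown(line: str) -> Optional[Teardown]:
    """Parse one 302014 syslog line; return None for any other message."""
    m = TEARDOWN_RE.search(line)
    if not m:
        return None
    dur = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"])
    return Teardown(int(m["conn"]), f"{m['src_ip']}/{m['src_port']}",
                    f"{m['dst_ip']}/{m['dst_port']}", dur, int(m["bytes"]), m["reason"].strip())

def is_stale_syn_timeout(t: Teardown, timeout_s: int = 3600, slack_s: int = 5) -> bool:
    """True when a data-carrying flow dies with 'SYN Timeout' at ~the TCP idle timeout.
    A real half-open SYN carries no bytes, so bytes > 0 is the key discriminator."""
    return t.reason == "SYN Timeout" and t.byte_count > 0 and abs(t.duration_s - timeout_s) <= slack_s

def find_suspect_teardowns(lines: List[str]) -> List[int]:
    """Return the connection IDs in `lines` matching the symptom."""
    return [t.conn_id for t in map(parse_teardown, lines) if t and is_stale_syn_timeout(t)]
```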
Conditions
One or more of the following conditions must match:
- SSL policy with 1 or more decryption rules.
- TLS Server Identity Discovery or Early application detection and URL categorization is enabled in the Advanced section of the access control policy.
- Identity policy with active authentication using captive portal.
Workaround
1. Configure a Prefilter rule that matches the traffic with the Fastpath action, or disable the SSL rules.
For VPN traffic, enable the "Bypass Access Control policy for decrypted traffic (sysopt permit-vpn)" option on the "Access Interfaces" tab of the Remote Access VPN policy.
2. Disable Early application detection in the Advanced section of the access control policy.
Further Problem Description