Print Download PDF Send Feedback

Previous

Next

Configuring Connection Timeout for ICAP Connections

Description

To release idle connections and unresponsive sessions to ICAP Servers, you can adjust the connection timeout (in seconds) in the ICAP Client.

Configuring the connection timeout

You configured the connection timeout as a value of the specific kernel parameter:

Item

Description

Name

icap_blade_conn_pool_timeout

Type

Integer

Notes

  • Default value is 300 (seconds)
  • The ICAP Server should maintain its own Timeout/KeepAliveTimeout configurations to handle unexpected traffic lost from the ICAP Client side (for example, due to reboot or disconnect)

For general instructions, see Working with Kernel Parameters on Security Gateway.

To print the current connection timeout value

# fw ctl get int icap_blade_conn_pool_timeout

Example:

[Expert@GW:0]# fw ctl get int icap_blade_conn_pool_timeout
icap_blade_conn_pool_timeout = 300
[Expert@GW:0]#

To set the desired connection timeout value temporarily

# fw ctl set int icap_blade_conn_pool_timeout <Number>

Additional Information

You can cancel the reuse of ICAP Client-to-Server connections on your Security Gateway for ICAP requests/responses. Use this kernel parameter:

Item

Description

Name

icap_blade_enable_reuse_opt

Type

Integer

Notes

  • Accepted values:
    • 0 - Security Gateway does not reuse the ICAP Client-to-Server connections
    • 1 - Security Gateway reuses the ICAP Client-to-Server connections - each connection is reused and not closed after handling the successful ICAP requests
  • Default value: 1