Configuring Connection Timeout for ICAP Connections

Description

To release idle connections and unresponsive sessions to ICAP Servers, you can adjust the connection timeout (in seconds) in the ICAP Client.

Configuring the connection timeout

You configured the connection timeout as a value of the specific kernel parameter:

Item	Description
Name	`icap_blade_conn_pool_timeout`
Type	Integer
Notes	Default value is 300 (seconds) The ICAP Server should maintain its own Timeout/KeepAliveTimeout configurations to handle unexpected traffic lost from the ICAP Client side (for example, due to reboot or disconnect)

To print the current connection timeout value

# fw ctl get int icap_blade_conn_pool_timeout

Example:

[Expert@GW:0]# fw ctl get int icap_blade_conn_pool_timeout
icap_blade_conn_pool_timeout = 300
[Expert@GW:0]#

To set the desired connection timeout value temporarily

# fw ctl set int icap_blade_conn_pool_timeout <Number>

Additional Information

You can cancel the reuse of ICAP Client-to-Server connections on your Security Gateway for ICAP requests/responses. Use this kernel parameter:

Item	Description
Name	`icap_blade_enable_reuse_opt`
Type	Integer
Notes	Accepted values: `0` - Security Gateway does not reuse the ICAP Client-to-Server connections `1` - Security Gateway reuses the ICAP Client-to-Server connections - each connection is reused and not closed after handling the successful ICAP requests Default value: `1`