ProxySG & Advanced Secure Gateway

Hello everyone,

Any idea of this long duration session?

Thanks in advance
SDKIM

------------------------------
Manager
------------------------------

Hello SDKIM, 

The logs sessions are there because the client or the server side keeps on sending packets trough maintaining the TCP session open, the default timeout is 2 minutes, so if there are packets send across between the two parties than the session will stay open,  so all is working as expected.
You can take a policy trace and a pcap for the source ip and destination to find out more on the packet level.
If you are looking for what is registry-1.docker.io, a simple google search will have the answer my friend :)

I hope this helps.
Slava
Original Message:
Sent: 01-11-2021 08:38 PM
From: Sangdae Kim
Subject: Why some sessions are not terminated by the session timeout

Hello everyone,

Any idea of this long duration session?

Thanks in advance
SDKIM

------------------------------
Manager
------------------------------

Hello Slava,

Thank you for your reply.
If there are some packets between the client to OCS, your explanation is ok.
but there wasn't any packet for many hours but sessions kept open.

SDKIM

------------------------------
Manager
------------------------------

Original Message:
Sent: 01-14-2021 10:38 AM
From: Slava Vasilasco
Subject: Why some sessions are not terminated by the session timeout

Hello SDKIM,

The logs sessions are there because the client or the server side keeps on sending packets trough maintaining the TCP session open, the default timeout is 2 minutes, so if there are packets send across between the two parties than the session will stay open,  so all is working as expected.
You can take a policy trace and a pcap for the source ip and destination to find out more on the packet level.
If you are looking for what is registry-1.docker.io, a simple google search will have the answer my friend :)

I hope this helps.
Slava
Original Message:
Sent: 01-11-2021 08:38 PM
From: Sangdae Kim
Subject: Why some sessions are not terminated by the session timeout

Hello everyone,

Any idea of this long duration session?

Thanks in advance
SDKIM

------------------------------
Manager
------------------------------

Hello SDKIM, 

How did you determined that there are no packets between the client IP + proxy + destination url ?, please provide in depth details of you approach and what have you done to arrive to that conclusion ?

Slava
Original Message:
Sent: 01-20-2021 05:04 PM
From: Sangdae Kim
Subject: Why some sessions are not terminated by the session timeout

Hello Slava,

Thank you for your reply.
If there are some packets between the client to OCS, your explanation is ok.
but there wasn't any packet for many hours but sessions kept open.

SDKIM

------------------------------
Manager

Original Message:
Sent: 01-14-2021 10:38 AM
From: Slava Vasilasco
Subject: Why some sessions are not terminated by the session timeout

Hello SDKIM,

The logs sessions are there because the client or the server side keeps on sending packets trough maintaining the TCP session open, the default timeout is 2 minutes, so if there are packets send across between the two parties than the session will stay open,  so all is working as expected.
You can take a policy trace and a pcap for the source ip and destination to find out more on the packet level.
If you are looking for what is registry-1.docker.io, a simple google search will have the answer my friend :)

I hope this helps.
Slava
Original Message:
Sent: 01-11-2021 08:38 PM
From: Sangdae Kim
Subject: Why some sessions are not terminated by the session timeout

Hello everyone,

Any idea of this long duration session?

Thanks in advance
SDKIM

------------------------------
Manager
------------------------------

Hello Slava,

As you can see from the picture, the duration are from 12hours to 18hours but the client and server bytes are all same.
and even I refreshed, there wasn't any changes on both client and server bytes.
That's why I thought there was not any packets between client and server.

Thanks & Regards
SDKIM

------------------------------
Manager
------------------------------

Original Message:
Sent: 01-22-2021 12:43 AM
From: Slava Vasilasco
Subject: Why some sessions are not terminated by the session timeout

Hello SDKIM,

How did you determined that there are no packets between the client IP + proxy + destination url ?, please provide in depth details of you approach and what have you done to arrive to that conclusion ?

Slava
Original Message:
Sent: 01-20-2021 05:04 PM
From: Sangdae Kim
Subject: Why some sessions are not terminated by the session timeout

Hello Slava,

Thank you for your reply.
If there are some packets between the client to OCS, your explanation is ok.
but there wasn't any packet for many hours but sessions kept open.

SDKIM

------------------------------
Manager

Original Message:
Sent: 01-14-2021 10:38 AM
From: Slava Vasilasco
Subject: Why some sessions are not terminated by the session timeout

Hello SDKIM,

The logs sessions are there because the client or the server side keeps on sending packets trough maintaining the TCP session open, the default timeout is 2 minutes, so if there are packets send across between the two parties than the session will stay open,  so all is working as expected.
You can take a policy trace and a pcap for the source ip and destination to find out more on the packet level.
If you are looking for what is registry-1.docker.io, a simple google search will have the answer my friend :)

I hope this helps.
Slava
Original Message:
Sent: 01-11-2021 08:38 PM
From: Sangdae Kim
Subject: Why some sessions are not terminated by the session timeout

Hello everyone,

Any idea of this long duration session?

Thanks in advance
SDKIM

------------------------------
Manager
------------------------------

Hello SDKIM, 

Thank you for the response, perhaps there are no changes in the bytes because those sessions are all the same as the communication between the client and the destination is the same.
If you really want to find out more you will need to take a packet capture on the proxy , with the filter for that source client IP and that destination URL, also a policy trace for that user IP, and even a packet capture on your firewall for comparasing the data.

Slava
Original Message:
Sent: 01-24-2021 05:16 PM
From: Sangdae Kim
Subject: Why some sessions are not terminated by the session timeout

Hello Slava,

As you can see from the picture, the duration are from 12hours to 18hours but the client and server bytes are all same.
and even I refreshed, there wasn't any changes on both client and server bytes.
That's why I thought there was not any packets between client and server.

Thanks & Regards
SDKIM

------------------------------
Manager

Original Message:
Sent: 01-22-2021 12:43 AM
From: Slava Vasilasco
Subject: Why some sessions are not terminated by the session timeout

Hello SDKIM,

How did you determined that there are no packets between the client IP + proxy + destination url ?, please provide in depth details of you approach and what have you done to arrive to that conclusion ?

Slava
Original Message:
Sent: 01-20-2021 05:04 PM
From: Sangdae Kim
Subject: Why some sessions are not terminated by the session timeout

Hello Slava,

Thank you for your reply.
If there are some packets between the client to OCS, your explanation is ok.
but there wasn't any packet for many hours but sessions kept open.

SDKIM

------------------------------
Manager

Original Message:
Sent: 01-14-2021 10:38 AM
From: Slava Vasilasco
Subject: Why some sessions are not terminated by the session timeout

Hello SDKIM,

The logs sessions are there because the client or the server side keeps on sending packets trough maintaining the TCP session open, the default timeout is 2 minutes, so if there are packets send across between the two parties than the session will stay open,  so all is working as expected.
You can take a policy trace and a pcap for the source ip and destination to find out more on the packet level.
If you are looking for what is registry-1.docker.io, a simple google search will have the answer my friend :)

I hope this helps.
Slava
Original Message:
Sent: 01-11-2021 08:38 PM
From: Sangdae Kim
Subject: Why some sessions are not terminated by the session timeout

Hello everyone,

Any idea of this long duration session?

Thanks in advance
SDKIM

------------------------------
Manager
------------------------------

The default is that session does not time out and once a device is authorized it may remain there until the device disconnects, switch reboots, or a CoA is issued for the device.
Original Message:
Sent: 01-11-2021 08:38 PM
From: Sangdae Kim
Subject: Why some sessions are not terminated by the session timeout

Hello everyone,

Any idea of this long duration session?

Thanks in advance
SDKIM

------------------------------
Manager
------------------------------

So if there are bundles send across between the two gatherings than the meeting will remain open, so everything is filling in true to form and You can take an approach follow and a pcap for the source ip and objective to discover more on the parcel level.
Original Message:
Sent: 01-11-2021 08:38 PM
From: Sangdae Kim
Subject: Why some sessions are not terminated by the session timeout

Hello everyone,

Any idea of this long duration session?

Thanks in advance
SDKIM

------------------------------
Manager
------------------------------