Skip to content

300+ DevOps learning assets — start with the Portal

GrokDevOps Wiki

Grading Checklist: TCP Connections Reset After Idle Period

grokdatum/grokdevops

Home
Portal
Practice
Lessons
Ansible
Linux
Networking
Datacenter & Hardware
Kubernetes
DevOps & Tooling
CLI Tools
Observability
Security
Cloud
Deep Dives
Cheatsheets
Guides

GrokDevOps Wiki

grokdatum/grokdevops

Home
Portal
Practice
Lessons
Ansible
Linux
Networking
Datacenter & Hardware
Kubernetes
DevOps & Tooling
CLI Tools
Observability
Security
Cloud
Deep Dives
Cheatsheets
Guides

case-study networking tcp_ip

Grading Checklist: TCP Connections Reset After Idle Period¶

Identified the stateful firewall as the device generating or causing the RST
Explained how stateful firewalls track connections and expire idle entries
Checked firewall conntrack/session timeout configuration
Compared firewall timeout to application keepalive interval
Noted that the firewall timeout (3600s) is shorter than the app keepalive or that no keepalive is configured
Proposed fix: reduce TCP keepalive interval below firewall timeout
Mentioned alternative fix: increase firewall session timeout
Discussed OS-level TCP keepalive settings (tcp_keepalive_time, tcp_keepalive_intvl, tcp_keepalive_probes)
Explained that after conntrack entry expires, subsequent data packets are seen as invalid and get RST
Mentioned testing by placing client and server on the same subnet to isolate firewall as the cause
Considered application-level keepalive/heartbeat as another layer of defense
Noted that the issue correlates with the new firewall deployment

March 27, 2026 01:19:38 March 5, 2026 18:35:55

Made with Material for MkDocs