You are here

Understanding Connect Timeouts for Back-ends

Affects version(s): 
5.0
4.2.6.2

Introduction

Depending on security requirements, Airlock is configured to communicate with back-end servers using HTTP or HTTPS. Airlock comes with a well-proven default setting for connect timeouts. Generally it is possible to adapt this default setting, if needed.

Behavior on Airlock prior to 4.2.6.2 vs. 4.2.6.2 / 5.0

Up to 4.2.6.1
The expert setting "BackendConnectTimeout" is used for HTTP and HTTPS connections to back-end servers. There is only one global expert setting, which is used for all back-end servers.

4.2.6.2 / 5.0 and later
The expert setting "BackendConnectTimeout" is used for HTTP connections. The new expert setting "BackendSSLConnectTimeout" is used for HTTPS connections. It is possible to configure this expert settings globally on Airlock or only for a specific back-end group.

Known impact after update

No custom connect timeout
Customers who used Airlock's default connect timeout are not affected. They will get the new default settings automatically.

Custom connect timeout
Customers who configured their own connect timeout might be affected by the update. The expert setting "BackendConnectTimeout" was previously used for HTTP and HTTPS. With this new version, it is only used for HTTP. As a result, Airlock's new default setting for HTTPS is used instead of the formely used custom setting. To reproduce the same behavior as before the update, configure the expert settings "BackendConnectTimeout" and "BackendSSLConnectTimeout" with the same value.

New settings in Airlock 4.2.6.2 / 5.0

As mentioned before, there are now two expert settings available to configure the connect timeout for HTTP and HTTPS separately.

The following setting defines the timeout to establish an HTTP connection to the back-end server. The timeout is in seconds and includes DNS lookup (if configured) and TCP handshake.

SecurityGateway * BackendConnectTimeout "3"

The following setting defines the timeout to establish an HTTPS connection to the back-end server. The timeout is in seconds and includes DNS lookup (if configured), TCP handshake and SSL handshake.SecurityGateway * BackendSSLConnectTimeout "7" The following settings are also available for specific back-end groups:

SecurityGateway * BackendGroup.[backendGroup].BackendConnectTimeout "3"
SecurityGateway * BackendGroup.[backendGroup].BackendSSLConnectTimeout "7"

Knowledge Base Categories: