summaryrefslogtreecommitdiffstats
path: root/doc
diff options
context:
space:
mode:
Diffstat (limited to 'doc')
-rw-r--r--doc/sync/alarm/conntrackd.conf14
-rw-r--r--doc/sync/ftfw/conntrackd.conf14
-rw-r--r--doc/sync/notrack/conntrackd.conf14
3 files changed, 30 insertions, 12 deletions
diff --git a/doc/sync/alarm/conntrackd.conf b/doc/sync/alarm/conntrackd.conf
index db7d99e..39741b3 100644
--- a/doc/sync/alarm/conntrackd.conf
+++ b/doc/sync/alarm/conntrackd.conf
@@ -18,11 +18,17 @@ Sync {
CacheTimeout 180
#
- # Entries committed to the connection tracking table
- # starts with a limited timeout of N seconds until the
- # takeover process is completed.
+ # This parameter allows you to set an initial fixed timeout
+ # for the committed entries when this node goes from backup
+ # to primary. This mechanism provides a way to purge entries
+ # that were not recovered appropriately after the specified
+ # fixed timeout. If you set a low value, TCP entries in
+ # Established states with no traffic may hang. For example,
+ # an SSH connection without KeepAlive enabled. If not set,
+ # the daemon uses an approximate timeout value calculation
+ # mechanism. By default, this option is not set.
#
- CommitTimeout 180
+ # CommitTimeout 180
#
# If the firewall replica goes from primary to backup,
diff --git a/doc/sync/ftfw/conntrackd.conf b/doc/sync/ftfw/conntrackd.conf
index 69572cf..93f7a44 100644
--- a/doc/sync/ftfw/conntrackd.conf
+++ b/doc/sync/ftfw/conntrackd.conf
@@ -15,11 +15,17 @@ Sync {
# ResendQueueSize 131072
#
- # Entries committed to the connection tracking table
- # starts with a limited timeout of N seconds until the
- # takeover process is completed.
+ # This parameter allows you to set an initial fixed timeout
+ # for the committed entries when this node goes from backup
+ # to primary. This mechanism provides a way to purge entries
+ # that were not recovered appropriately after the specified
+ # fixed timeout. If you set a low value, TCP entries in
+ # Established states with no traffic may hang. For example,
+ # an SSH connection without KeepAlive enabled. If not set,
+ # the daemon uses an approximate timeout value calculation
+ # mechanism. By default, this option is not set.
#
- CommitTimeout 180
+ # CommitTimeout 180
#
# If the firewall replica goes from primary to backup,
diff --git a/doc/sync/notrack/conntrackd.conf b/doc/sync/notrack/conntrackd.conf
index 1df79a1..39a5faa 100644
--- a/doc/sync/notrack/conntrackd.conf
+++ b/doc/sync/notrack/conntrackd.conf
@@ -4,11 +4,17 @@
Sync {
Mode NOTRACK {
#
- # Entries committed to the connection tracking table
- # starts with a limited timeout of N seconds until the
- # takeover process is completed.
+ # This parameter allows you to set an initial fixed timeout
+ # for the committed entries when this node goes from backup
+ # to primary. This mechanism provides a way to purge entries
+ # that were not recovered appropriately after the specified
+ # fixed timeout. If you set a low value, TCP entries in
+ # Established states with no traffic may hang. For example,
+ # an SSH connection without KeepAlive enabled. If not set,
+ # the daemon uses an approximate timeout value calculation
+ # mechanism. By default, this option is not set.
#
- CommitTimeout 180
+ # CommitTimeout 180
#
# If the firewall replica goes from primary to backup,