Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SAP (business application) disconnecting

    Scheduled Pinned Locked Moved General pfSense Questions
    7 Posts 3 Posters 910 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      NGUSER6947
      last edited by

      I've been experiencing daily SAP dropouts. Support is asking me to enable TCP Keepalive. I've not messed with any of those types of settings before in pfSense. Can anyone provide any assistance?

      This application (SAP) only runs on my work computer, which is the only device on the OPT interface on my SG-1100.

      They also suggested increasing the DHCP lease time to the maximum available duration.

      Appreciate any suggestions.

      M 1 Reply Last reply Reply Quote 0
      • M
        michmoor LAYER 8 Rebel Alliance @NGUSER6947
        last edited by

        @nguser6947 Is your work computer on a company VPN when these dropouts happen?

        Firewall: NetGate,Palo Alto-VM,Juniper SRX
        Routing: Juniper, Arista, Cisco
        Switching: Juniper, Arista, Cisco
        Wireless: Unifi, Aruba IAP
        JNCIP,CCNP Enterprise

        N 1 Reply Last reply Reply Quote 0
        • N
          NGUSER6947 @michmoor
          last edited by NGUSER6947

          @michmoor Yes, ZScaler. They (the ZScaler support folks) can see the dropouts. They've changed some other settings inside the VPN but the problem persists.

          Unfortunately I can't run the SAP application at all with the VPN disconnected, to be able to test it. Without the VPN it won't launch.

          M 1 Reply Last reply Reply Quote 0
          • M
            michmoor LAYER 8 Rebel Alliance @NGUSER6947
            last edited by

            @nguser6947 Dont really see how this is related to pfsense in any way.
            Are you able to use zScaler on another machine and connect to SAP? If so do the disconnects continue?

            Firewall: NetGate,Palo Alto-VM,Juniper SRX
            Routing: Juniper, Arista, Cisco
            Switching: Juniper, Arista, Cisco
            Wireless: Unifi, Aruba IAP
            JNCIP,CCNP Enterprise

            N 1 Reply Last reply Reply Quote 0
            • stephenw10S
              stephenw10 Netgate Administrator
              last edited by

              You can just set the firewall optimisation to conservative to increase the state timeouts:

              https://docs.netgate.com/pfsense/en/latest/config/advanced-firewall-nat.html#firewall-optimization-options

              A TCP keep-alive would be something inside the VPN which I assume is from your client on OPT to the remove Zscaler device directly.

              Steve

              N 1 Reply Last reply Reply Quote 0
              • N
                NGUSER6947 @michmoor
                last edited by

                @michmoor said in SAP (business application) disconnecting:

                @nguser6947 Dont really see how this is related to pfsense in any way.
                Are you able to use zScaler on another machine and connect to SAP? If so do the disconnects continue?

                I don't see how either. I'm just trying to comply with their requests, to eliminate potential sources of the issue.

                Others in the company, for the most part, do not have this issue and it is only that one application that exhibits this symptom.

                1 Reply Last reply Reply Quote 0
                • N
                  NGUSER6947 @stephenw10
                  last edited by

                  @stephenw10 said in SAP (business application) disconnecting:

                  You can just set the firewall optimisation to conservative to increase the state timeouts:

                  https://docs.netgate.com/pfsense/en/latest/config/advanced-firewall-nat.html#firewall-optimization-options

                  A TCP keep-alive would be something inside the VPN which I assume is from your client on OPT to the remove Zscaler device directly.

                  Steve

                  I'll follow those instructions, thank you!

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.