Hi,

Our own application is at the moment not able without restarting the whole app to create a new TCP Connection after its timed out afet 1 hour; because of this I tried to create a Service Policy rule to increase the TCP Timeout.

TCP SWBSW01.20 172.18.3.28:1922 KVB KVB_VLD_NEU:1526, idle 0:47:33, bytes 232223232, flags UIOB

This connection will be terminated after one hour and I'm trying to create the policy to let in unlimted to tcp/1526.

If I create a new service policy Rule are the already etablished TCP Connection also matched? Or only the new TCP Connection after the Service Policy Rule?

With a global-class (for test) Source Any/Any Service tcp/1526, I had no luck, but I only observed already connected connections.

You would need to do a "clear connection" for that connection for any new rules to take effect (don't do this in the middle of the work-day). Changing any of those timers would not affect existing connections.

You would probably be better off using the tcp-state-bypass feature than trying to set the time to "unlimited". Generally I just set my connection timers to something like 12 hours... unlimited is dangerous and defeats the purpose of having a firewall to begin with.