I've been having some issues with proxy authentications failing in a federated TCP/TLS configuration. Investigation shows that the connections are failing with an error on the server end of "Info: Ignoring new connection due to client max_connections". A little more digging seems to show that the connections are not being gracefully closed. I suspect this is due to a firewall cleaning up idle TCP translation slots since there are currently few authentication attempts. I've seen the lifetime keyword in a number of sample configurations here and the configuration parser seems to take it when I run the service in debug mode. However, the idle_timeout keyword is silently ignored and the server doesn't seem to be cleaning up old connections based on either the idle_timeout or the max lifetime. I can't find references to either lifetime or idle_timeout in the sample configurations or a quick review of the documentation as it relates to clients.conf. So my questions areĀ 1.) Are the keywords lifetime and idle_timeout supported in clients.conf? 2.) If they are, is there a known bug that would cause them to not work? 3.) If they aren't, would there be value to someone other than me to add this feature? (Yes, I know this means I volunteer, lol).) 4.) In addition to lifetime and idle_timeout, would something like a keep alive be reasonable? Thanks. Any and all feedback is welcome. Jason Rohm Communication Architect jason.rohm@srctechnologies.com