SSH session timeout in Checkpoint Firewall


It is no fun when in the middle of fw monitor / debug session you get abruptly disconnected on SSH session timeout. Here is how to prevent it in the Checkpoint firewall. The session timeout is defined in cat /etc/bashrc:
# By default, log out the user after three minutes of unattended prompt
export TMOUT=180
export SHELL=/bin/bash
# Take into account idle setting of cpshell, if available
if [ -f /etc/cpshell/cpshell.state ]; then
   idle=$(grep idle /etc/cpshell/cpshell.state | sed s/idle=//)
   if [ $idle"UNDEFINED" = "UNDEFINED" ]; then
          idle=3
   fi
   export TMOUT=expr $idle \* 60
fi

To change the default timeout for ssh session you can:
1) Set idle variable in /etc/cpshell/cpshell.state to be later multiplied

    cat /etc/cpshell/cpshell.state
    audit=100
    idle=100
    scroll=1

2) Change TMOUT directly to any number of seconds you wish and export it to activate:

export TMOUT=7000

I personally when working on client's firewall am setting it manually  when long  debug session is expected:

[Expert@cp]# TMOUT=700
[Expert@cp]# export TMOUT