DFW (Distributed Firewall) session timeout is shorter than normal and cause packet drops



Article ID: 379639


Updated On:

Products

VMware NSX, VMware vDefend Firewall

Issue/Introduction

DFW session idle timeout is shorter than expected, so idle connections (for example SSH sessions) are dropped after about two minutes.

DFW flows are shown in an incorrect state in the output of vsipioctl getconnections. After a flow completes the TCP 3-way handshake its state should be EST:EST (established:established), but affected flows remain in SYNSENT:CLOSED, as in this entry:

1e4c017400000a4b Active tcp 0800 OUT 1003 (ids-rule : 1005) 0 0 (D) A.A.A.A:Unknown(54826) -> B.B.B.B:ssh(22) 229 SYNSENT:CLOSED rtt 0 retrans 0/0 6948 3484 40 23 tmo 22 (98)

Because the flow never reaches EST:EST, its idle timeout is taken from the Opening timer (default value 120 s) instead of the Established timer (default value 43200 s).

Environment

DFW and IDS are enabled in VMware NSX.

Cause

No VDPI channel has been created, so the path from DFW to the IDS module in user space is down. In this condition DFW does not update the connection state after the handshake completes, and the flow stays in SYNSENT:CLOSED with the Opening timeout applied.

Resolution

SSH to the ESXi host and run "/etc/init.d/nsx-vdpi restart" to restart the VDPI process. Flows that are already in SYNSENT:CLOSED are not corrected retroactively; verify the fix by opening a new connection and checking that it reaches EST:EST in vsipioctl getconnections.

If restarting VDPI does not work around the issue, create a session timer profile and configure a longer value for "Opening", as described in:
https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-647F5155-FFF1-4CD8-9FD2-A40F4225D661.html
Note that a longer Opening timer also keeps genuinely half-open (never completed) TCP connections in the state table for longer; it is a workaround for the symptom, not a fix for the missing VDPI channel.
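The check and restart described above, combined into one script, as an added example that is not part of the KB article. It parses vsipioctl getconnections output for TCP flows stuck in SYNSENT:CLOSED, lists them with their remaining timeout, and restarts VDPI only when invoked with one or more DFW filter names (obtained from vsipioctl getfilters on the host; the filter name is the caller's input, not something the script discovers). The embedded sample output is constructed in the layout shown in the article and is used only for the offline self-check; nothing below runs on the host unless filter names are given.

```shell
#!/bin/sh
# Added example, not from the KB article. Run on the ESXi host as root:
#   sh dfw-stuck-flows.sh nic-xxxxx-eth0-vmware-sfw.2 [more filters...]
# Assumption: the filter names come from "vsipioctl getfilters" on this host.

# Constructed sample in the getconnections layout shown in the article
# (not captured from a real host); used only for the offline self-check.
SAMPLE_CONNECTIONS='1e4c017400000a4b Active tcp 0800 OUT 1003 (ids-rule : 1005) 0 0 (D) 10.0.0.10:Unknown(54826) -> 10.0.0.20:ssh(22) 229 SYNSENT:CLOSED rtt 0 retrans 0/0 6948 3484 40 23 tmo 22 (98)
1e4c017400000a4c Active tcp 0800 OUT 1003 (ids-rule : 1005) 0 0 (D) 10.0.0.10:Unknown(54830) -> 10.0.0.20:ssh(22) 229 EST:EST rtt 0 retrans 0/0 6948 3484 40 23 tmo 43150 (98)
1e4c017400000a4d Active udp 0800 OUT 1003 (ids-rule : 1005) 0 0 (D) 10.0.0.10:Unknown(40000) -> 10.0.0.20:domain(53) 229 UDP:UDP rtt 0 retrans 0/0 100 100 1 1 tmo 60 (98)'

# count_stuck_flows: reads getconnections output on stdin and prints how many
# TCP flows (field 3 is the protocol) are still in SYNSENT:CLOSED.
count_stuck_flows() {
    awk '$3 == "tcp" && $0 ~ /SYNSENT:CLOSED/ { n++ } END { print n + 0 }'
}

# list_stuck_flows: one line per stuck TCP flow: connection id, endpoints and
# the remaining timeout after "tmo", so the short Opening timer is visible.
list_stuck_flows() {
    awk '$3 == "tcp" && $0 ~ /SYNSENT:CLOSED/ {
        for (i = 1; i <= NF; i++) {
            if ($i == "->") { src = $(i - 1); dst = $(i + 1) }
            if ($i == "tmo") { tmo = $(i + 1) }
        }
        print $1, src, "->", dst, "tmo", tmo
    }'
}

# stuck_flows_on_filter: query the host for one DFW filter and print the stuck
# flows; the count of printed lines tells the caller whether any were found.
stuck_flows_on_filter() {
    vsipioctl getconnections -f "$1" | list_stuck_flows
}

# main: inspect every filter named on the command line; if any stuck flow is
# found, restart VDPI once (the fix from the article). Existing stuck flows
# stay in the table until their timer expires, so verify with a fresh
# connection rather than by re-reading the same entries.
main() {
    found=0
    for filter in "$@"; do
        out=$(stuck_flows_on_filter "$filter")
        if [ -n "$out" ]; then
            found=1
            echo "stuck flows on $filter:"
            echo "$out"
        fi
    done
    if [ "$found" -eq 1 ]; then
        /etc/init.d/nsx-vdpi restart
        echo "VDPI restarted; open a new connection and confirm it reaches EST:EST"
        echo "if new flows still stop at SYNSENT:CLOSED, set a session timer profile with a longer Opening value"
    else
        echo "no TCP flows in SYNSENT:CLOSED on the given filters"
    fi
}

# Only touch the host when filter names are supplied.
if [ $# -gt 0 ]; then
    main "$@"
fi
```

The awk filters key on the protocol field and the state token rather than on column positions further right, because the trailing counters vary per flow; only the connection id, the "->" separator and the "tmo" keyword are relied on.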