This posting is more of an FYI than a question.

We purchased a new software package that is hosted at the vendor site via
Windows terminal services. Simple enough, add a filter to allow traffic
out to that host on the terminal services port provided by the vendor.

What I did for initial testing was to use a stateful filter. This worked
fine for testing because we were constantly using the application. During
training however, there were pockets of idle time and all of my users were
getting timed out from the terminal server.

What seems to have resolved the issue is having 2 non-stateful filters (1
outbound, 1 inbound). What I have surmised is that the keep alive packet
originating from the terminal server was being rejected, hence the
disconnects. Does this make sense?

Thoughts appreciated.

Steve D.