How can I measure TCP timeout limit on NAT firewall for setting keepalive interval?

Posted by jmanning2k on Server Fault
Published on 2010-03-09T22:50:34Z Indexed on 2010/03/11 18:35 UTC

A new (NAT) firewall appliance was recently installed at $WORK. Since then, I'm getting many network timeouts and interruptions, especially for operations which would require the server to think for a bit without a response (svn update, rsync, etc.). Inbound SSH sessions over VPN also time out frequently.

That clearly suggests I need to adjust the TCP (and ssh) keepalive time on the servers in question in order to reduce these errors.

But what is the appropriate value I should use?

Assuming I have machines on both sides of the firewall between which I can make a connection, is there a way to measure what the time limit on TCP connections might be for this firewall?

In theory, I would send a packet with gradually increasing intervals until the connection is lost. Any tools that might help (free or open source would be best, but I'm open to other suggestions)?

The appliance is not under my control, so I can't just get the value, though I am attempting to ask what it currently is and if I can get it increased.
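
The approach described in the question (idle for progressively longer gaps, then probe the same connection), as an added Python example that is not part of the original post. The function names are illustrative, and `simulated_limit` is a constructed loopback stand-in for the firewall so the block runs offline; in a real measurement `echo_server` runs on the far side and `probe_idle_limit` on the near side.

```python
import socket, threading, time

def echo_server(listener, simulated_limit=None):
    """Far-side echo service. simulated_limit (seconds) is a constructed
    stand-in for the firewall: after a longer idle gap, replies stop."""
    conn, _ = listener.accept()
    last = time.monotonic()
    with conn:
        while data := conn.recv(64):
            now = time.monotonic()
            if simulated_limit is not None and now - last > simulated_limit:
                continue  # state "expired": drop silently, as a NAT would
            last = now
            conn.sendall(data)

def probe_idle_limit(host, port, gaps, reply_timeout=5.0):
    """Idle for each gap (ascending seconds), then probe once.
    Returns (longest gap that survived, first gap that failed or None)."""
    last_ok = None
    with socket.create_connection((host, port), timeout=reply_timeout) as s:
        # Keepalive off, so only these probes refresh the firewall's state.
        s.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 0)
        for gap in gaps:
            time.sleep(gap)
            try:
                s.sendall(b"ping")
                if s.recv(64) != b"ping":
                    return last_ok, gap
            except OSError:  # timeout, reset or broken pipe
                return last_ok, gap
            last_ok = gap
    return last_ok, None

def demo(simulated_limit, gaps):
    """Loopback run: echo server in a thread, prober in the caller."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    threading.Thread(target=echo_server, args=(listener, simulated_limit),
                     daemon=True).start()
    port = listener.getsockname()[1]
    return probe_idle_limit("127.0.0.1", port, gaps, reply_timeout=1.0)

if __name__ == "__main__":
    print(demo(0.5, [0.1, 0.2, 1.0]))
```

The idle limit lies between the two returned values; rerun with finer gaps inside that range to narrow it, then set the keepalive interval below the longest gap that survived.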

© Server Fault or respective owner
