In order to verify TCP Keep Alive is working, you can capture network traces and produce a disconnection from the Web Agent to the Policy Server. When the server detects the other end is disconnected, it will send the keep alive packets which will be seen in the network trace.
This can be done easier by using your firewall to set a rule to drop the requests from the Web Agent to the Policy Server when capturing the network traces. Then, depending on the OS TCP Keep Alive settings, you will see the packets being sent in the network traces following the intervals set in the system.
First, verify that the environment variable is correctly set to 1 in both servers by checking the current variables: SM_ENABLE_TCP_KEEPALIVE=1
You can check the current TCP Keep Alive settings in your OS to know for example the current interval, so you can see what to expect on the network traces:
# cat /proc/sys/net/ipv4/tcp_keepalive_time
# cat /proc/sys/net/ipv4/tcp_keepalive_intvl
# cat /proc/sys/net/ipv4/tcp_keepalive_probes
If need to change any values, you can echo the new one:
# echo 600 > /proc/sys/net/ipv4/tcp_keepalive_time
Do not change any value without consulting your sysadmin. For more information on OS TCP Keep Alive settings, check OS vendor documentation: RedHat Support Portal - TCP Keep Alive
Also, remember that you need to restart the services after setting the SM_ENABLE_TCP_KEEPALIVE environment variable for the changes to be applied.
The Keep Alive packets in your network traces will look like the following:
17922 10:33:21.988218 <PS IP> <WA IP> TCP 66 [TCP Keep-Alive] 44443 → 45935 [ACK] Seq=230 Ack=155 Win=14528 Len=0 TSval=4180041061 TSecr=3010560045
17949 10:33:23.263118 <PS IP> <WA IP> TCP 66 [TCP Keep-Alive] 44443 → 45934 [ACK] Seq=20290 Ack=1367 Win=17152 Len=0 TSval=4180042336 TSecr=3010561322
17986 10:33:25.324121 <PS IP> <WA IP> TCP 66 [TCP Keep-Alive] 44443 → 45938 [ACK] Seq=230 Ack=155 Win=14528 Len=0 TSval=4180044397 TSecr=3010563383
17987 10:33:25.330148 <PS IP> <WA IP> TCP 66 [TCP Keep-Alive] 44443 → 45937 [ACK] Seq=17241 Ack=230 Win=14528 Len=0 TSval=4180044403 TSecr=3010563389
If you are using WireShark tool to review the network traces, you can use the filter "tcp.analysis.keep_alive" to see only these packets.