Being on the Azure cloud, I found that the firewalls there drop connections between the Web server and the database quite often. Mostly when there was some inactivity, I think something between 5 and 10 minutes. So I did some research and found this seems to be a common issue.
The problem seems basically solvable by setting some keep alive. (1) (2) (3)
So it boils down to the way firewalls handle TCP connections:
It's a very common issue, when you are behind a NAT proxy or a firewall, to be disconnected without a reason. This behavior is caused by the connection tracking procedures implemented in proxies and firewalls, which keep track of all connections that pass through them. Because of the physical limits of these machines, they can only keep a finite number of connections in their memory. The most common and logical policy is to keep newest connections and to discard old and inactive connections first.
(from TCP Keepalive HOWTO)
Does this mean a firewall/NAT can drop TCP connections whenever it wants? Like after 2 seconds inactivity? Or is there something that prevents us from fearing that no connection is safe from the firewall?
Theoretically, yes, any router or firewall can decide to drop your connection. Which is obvious, of course, because you can't make any piece of hardware do exactly what you want by sending the proper TCP packets. It's up to the router how to deal with it.
In practice, it's exactly what you quoted. To prevent it, you must make sure there is activity on the line. For example, when I have SSH sessions, I run a tmux session in them with a clock, so there is some activity every minute.
Also, I tend to use Linux PCs as routers and firewalls, as they tend to have enough memory never to kill any inactive connection. It's mostly a consumer grade hardware issue.
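The keep-alive approach from the question, as an added example that is not part of the original posts: it enables TCP keepalive on a client socket and sets the first probe to fire well before the firewall's idle timeout. The 300-second timeout, the 0.5 safety factor and the function names are assumptions; the `TCP_KEEP*` options are the Linux names and are skipped on platforms that do not expose them.

```python
import socket

# Assumption: the firewall drops idle flows after about 5 minutes, the lower
# bound of what the question observed. Measure the real value on your path.
FIREWALL_IDLE_TIMEOUT_S = 300


def keepalive_idle_for(firewall_idle_timeout_s, safety_factor=0.5):
    """Seconds of silence before the first probe, kept well below the
    firewall's idle timeout so its connection-tracking entry is refreshed."""
    if firewall_idle_timeout_s < 2:
        raise ValueError("idle timeout too short for TCP keepalive (1 s minimum)")
    return max(1, int(firewall_idle_timeout_s * safety_factor))


def enable_keepalive(sock, firewall_idle_timeout_s=FIREWALL_IDLE_TIMEOUT_S,
                     interval_s=30, probes=4):
    """Turn on keepalive for one socket and return the values the kernel
    reports back, so the caller can log what is really in effect."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    applied = {
        "SO_KEEPALIVE": bool(sock.getsockopt(socket.SOL_SOCKET,
                                             socket.SO_KEEPALIVE)),
    }
    wanted = {
        "TCP_KEEPIDLE": keepalive_idle_for(firewall_idle_timeout_s),
        "TCP_KEEPINTVL": interval_s,   # gap between unanswered probes
        "TCP_KEEPCNT": probes,         # unanswered probes before giving up
    }
    for name, value in wanted.items():
        opt = getattr(socket, name, None)
        if opt is None:                # option not exposed on this platform
            continue
        sock.setsockopt(socket.IPPROTO_TCP, opt, value)
        applied[name] = sock.getsockopt(socket.IPPROTO_TCP, opt)
    return applied


def dead_peer_detection_s(applied):
    """Worst-case seconds until a silently dropped connection is reported."""
    return (applied.get("TCP_KEEPIDLE", 0)
            + applied.get("TCP_KEEPINTVL", 0) * applied.get("TCP_KEEPCNT", 0))


if __name__ == "__main__":
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        settings = enable_keepalive(s)   # set before connect() in real use
        print(settings, "detect dead peer within",
              dead_peer_detection_s(settings), "s")
```

Database drivers and connection pools usually open the socket themselves, so in practice the same three values are passed through the driver's keepalive settings or set system-wide.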