Checking my audit logs on a problem rule I saw this event" event: ip filter session timeout I goggled it, scanned the sidewinder manual for this error. I have found nothing.
Every session through the firewall has a timeout value. If no data is sent on that session for a certain amount of time the session is closed and it's audited as an 'IP filter session timeout.'
So I think the solution to this one was making my own filter on port 22 and not using the ssh proxy.