The TCP idle timeout for the firewall is 2.5 hours instead of the ipfilter default of 10 days (!) to keep the state table from filling up with dead connections. This value can be modified on the advanced setup page, though that is not recommended. So of course if your SSH connection doesn't transfer a single byte for two hours, the ipfilter state table entry is deleted and the connection breaks. Turning on keep-alives in your SSH client is the recommended means of avoiding broken sessions.