What VMware told me was that by setting these to 0, we are essentially disabling the DDOS protection mechanism on the UAG. Our health monitor from the NetScaler would send a health probe every few seconds and eventually the UAG would stop accepting new connections becuause it thought it was being attacked and DDOS'ed. I kept having to reboot the UAG's every so often and this was the root cause.

So there maybe a better way to correctly set the health probe to send a connection: close but we didn't have the time and didn't want to risk additional outages.