PIX 6.x and 7.x timeout settings for specific rules?

Jul 25th, 2007
I have a request from some of our internal app developers who have WBI and MQ sessions across DMZ domains to expand the timeout values on the firewall for their apps. As far as I can tell, the timeout values are global for the entire firewall TCP/IP stack. Does anyone know of a way I can make timeouts longer for a specific IP or port in the rules? Or, as I have already told my developers, this isn't possible :-)

Jon Marshall Wed, 07/25/2007 - 10:47
Hi Toby


On 6.x you are right, the timeouts are global.


However, I believe on 7.x you can use a class map for particular traffic and apply the timeout to that class rather than globally across the whole firewall. Have a look at the attached config doc for ASA Modular Policy Framework.


http://www.cisco.com/en/US/docs/security/asa/asa71/configuration/guide/mpc.html


HTH


Jon
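
A sketch of the per-class timeout described in the reply above, added here as an example and not taken from the thread or the linked guide. The host addresses, object names and the 8-hour value are constructed placeholders, 1414 is assumed as the MQ listener port, and `global_policy` is assumed to be the default policy map already applied globally.

```cisco
! Constructed example: addresses, names and the timeout value are placeholders.
! Match only the one application flow that needs a longer idle timeout,
! so every other connection keeps the global "timeout conn" value.
access-list MQ_LONG_IDLE extended permit tcp host 192.0.2.10 host 198.51.100.20 eq 1414
!
class-map MQ_LONG_IDLE_CLASS
 match access-list MQ_LONG_IDLE
!
! Attach the class to the policy map and raise the TCP idle timeout
! for that class only (hh:mm:ss).
policy-map global_policy
 class MQ_LONG_IDLE_CLASS
  set connection timeout tcp 8:00:00
!
! Only needed if global_policy is not already applied.
service-policy global_policy global
!
! Checks after applying:
!   show running-config timeout   (global values, unchanged)
!   show service-policy           (per-class connection settings and hit counts)
```

Keeping the access list to specific hosts and a single port limits how many long-lived entries can accumulate in the connection table.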




tobyhouser Thu, 07/26/2007 - 10:04
Jon ... thanks for the link. It looks promising.

We're going to do some experimenting and see how it goes.
