FWSM: Tcp connection timeout per service?

Answered Question
Jan 31st, 2008

Hi,


I was used to being able to set a tcp connection timeout per service (netscreen), e.g. custom service tcp/9444 timeout 02:00:00.


But with the FWSM I could only specify a connection timeout for all tcp connections? Is that true or is there a way to specify it only for certain connections?



Correct Answer by Jon Marshall about 9 years 5 months ago

Hi


It depends on which version of code you are running on your FWSM. Roughly speaking:


2.x = pix 6.x

3.x = pix 7.x


On pix 6.x you could only set the timeout globally for all tcp connections. With v7.x you can do it on a per-port basis. So if you have v3.x on your FWSM, yes, you can do this.


See attached link for more details


http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/configuration/guide/mpf_f.html


HTH


Jon
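
A sketch of the per-service timeout the answer describes, using the tcp/9444 and 02:00:00 values from the question. This is an added example, not part of the original posts; the names LONG_LIVED_9444 and PER_SERVICE_TIMEOUT and the interface name inside are hypothetical, and the syntax assumes the PIX 7.x-style Modular Policy Framework commands covered in the linked FWSM 3.1 guide, so check it against that guide for your release.

```text
! Global idle timeout stays as it is for all other TCP connections
! (raising it for everything would keep every idle connection in the table longer).
timeout conn 1:00:00

! Identify only the long-lived service: TCP destination port 9444.
access-list LONG_LIVED_9444 extended permit tcp any any eq 9444

class-map LONG_LIVED_9444
 match access-list LONG_LIVED_9444

! Apply the 2-hour idle timeout to that class only.
policy-map PER_SERVICE_TIMEOUT
 class LONG_LIVED_9444
  set connection timeout tcp 2:00:00

! Bind the policy to the interface where these connections enter.
service-policy PER_SERVICE_TIMEOUT interface inside
```

Narrowing the access-list to the specific source and destination hosts, rather than any any, keeps the extended timeout from applying to unrelated traffic that happens to use the same port.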

Jon Marshall Thu, 01/31/2008 - 02:13