FWSM: Tcp connection timeout per service?

Answered Question
Jan 31st, 2008

Hi,

I was used to (NetScreen) being able to set a TCP connection timeout per service, e.g. custom service tcp/9444 timeout 02:00:00.

But with the FWSM I could only specify a connection timeout for all tcp connections? Is that true or is there a way to specify it only for certain connections?

Correct Answer by Jon Marshall, Thu, 01/31/2008 - 02:13

Hi

It depends on which version of code you are running on your FWSM. Roughly speaking:

2.x = PIX 6.x

3.x = PIX 7.x

On PIX 6.x you could only set the timeout globally for all TCP connections. With v7.x you can do it on a per-port basis. So if you have v3.x on your FWSM, yes, you can do this.

See attached link for more details

http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/configuration/guide/mpf_f.html

HTH

Jon
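
The per-port timeout described in the answer above, sketched as a Modular Policy Framework configuration for the tcp/9444, two-hour case from the question. This is an added example, not part of the original reply or of Cisco's guide; the class-map and policy-map names and the interface name `inside` are hypothetical, and the syntax should be checked against the linked configuration guide for the release in use.

```cisco
! Added example. LONG_TCP_9444, PER_SERVICE_TIMEOUTS and "inside" are
! hypothetical names chosen for illustration.
!
! FWSM 2.x (PIX 6.x-style): only the global knob exists, so raising it
! lengthens the idle timeout of every TCP connection through the firewall:
!   timeout conn 2:00:00
!
! FWSM 3.x (PIX 7.x-style): leave the global timeout alone and override it
! for one service only.
!
! 1. Classify the traffic that needs the long idle timeout (tcp/9444).
class-map LONG_TCP_9444
 match port tcp eq 9444
!
! 2. Set the TCP idle timeout for that class to two hours.
policy-map PER_SERVICE_TIMEOUTS
 class LONG_TCP_9444
  set connection timeout tcp 2:00:00
!
! 3. Attach the policy to the interface where these connections arrive,
!    rather than applying it to all interfaces.
service-policy PER_SERVICE_TIMEOUTS interface inside
!
! 4. Confirm the policy is active and matching traffic.
show service-policy
```

Keeping the class match as narrow as the service allows means only those connections hold idle entries in the connection table for the longer period; all other TCP traffic keeps the global timeout.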
