Firewall connections Timeout ????

Unanswered Question
Mar 12th, 2008

Hi all,

Our firewall has the default timeout for idle connections and is set at 1 hour.

i know i can change this, but my question is this :

Is there a way that i can configure the firewall, to have different idle timeouts for for different groups based on their IP, or subnet or something similar i can use to differentiate the groups ?

thanks ,


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Jon Marshall Thu, 03/13/2008 - 02:29


Which firewall hardware and what version of code are you running. The short answer is yes you can do this if your are running v7.x code or later (v3.x code on an FWSM). If you are running v6.x code (v2.x on an FWSM) you cannot do this as the timeouts are global.

If you let me know hardware/software i can send you a link.


g-serghiou Fri, 03/14/2008 - 04:32

Its very helpful actually...

i also left u 5 rating score !!! (ifi remember correctly !!)

i never said it was nto helpful,

and once again,

thanks for your help !!!


Jon Marshall Fri, 03/14/2008 - 04:36


Apologies, it's the way the responses sometimes are presented. I wasn't referring to your rating or response, rather the fact that someone else rated my original response in this thread as not helpful.

My comment was not intended for you. Many thanks for your rating, hope that clears things up


g-serghiou Fri, 03/14/2008 - 04:56

no worries Jon !!!

im clear with things...ill see what they want to achieve and come up with a suitable solution !!!

Thanks again


Herbert Baerten Fri, 03/14/2008 - 04:21

Yes, you can set the connection timeout in a policy-map, so you can specify different values per class.


The example here has a class-map matching destination IP and port, but you can just as well match on source IP address.

If you need more help let us know.

[edit] Sorry, hadn't noticed this had been answered already :)

g-serghiou Fri, 03/14/2008 - 04:58

hi hebaerte

thanks for your reply as well...

all replies were/are welcome and helpful...

Thanks all,



This Discussion