03-12-2008 11:02 PM - edited 03-11-2019 05:16 AM
Hi all,
Our firewall has the default timeout for idle connections and is set at 1 hour.
I know I can change this, but my question is this:
Is there a way that I can configure the firewall to have different idle timeouts for different groups based on their IP, or subnet, or something similar I can use to differentiate the groups?
Thanks,
George
03-13-2008 02:29 AM
George
Which firewall hardware and what version of code are you running? The short answer is yes, you can do this if you are running v7.x code or later (v3.x code on an FWSM). If you are running v6.x code (v2.x on an FWSM) you cannot do this, as the timeouts are global.
If you let me know hardware/software I can send you a link.
Jon
03-14-2008 12:54 AM
Hi,
It's a PIX 515 with 7.2(2) version!
Thanks,
George
03-14-2008 01:04 AM
George
Here is a link to configuring per connection/group of connections timeouts.
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/protect.html#wpxref61683
HTH
Jon
03-14-2008 01:55 AM
Thanks Jon!!!
03-14-2008 02:15 AM
How is this not helpful ???
03-14-2008 04:32 AM
It's very helpful actually...
I also left you a 5 rating score!!! (if I remember correctly!!)
I never said it was not helpful,
and once again,
thanks for your help!!!
George
03-14-2008 04:36 AM
George
Apologies, it's the way the responses sometimes are presented. I wasn't referring to your rating or response, rather the fact that someone else rated my original response in this thread as not helpful.
My comment was not intended for you. Many thanks for your rating, hope that clears things up.
Jon
03-14-2008 04:56 AM
No worries Jon!!!
I'm clear with things... I'll see what they want to achieve and come up with a suitable solution!!!
Thanks again
George
03-14-2008 04:21 AM
Yes, you can set the connection timeout in a policy-map, so you can specify different values per class.
The example here has a class-map matching destination IP and port, but you can just as well match on source IP address.
If you need more help let us know.
[edit] Sorry, hadn't noticed this had been answered already :)
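The per-class timeout approach described in this thread, sketched as an added configuration example (not posted by any participant and not taken from the linked guide). The subnets, object names, timeout values and the `inside` interface are assumptions; the `set connection timeout tcp` keyword is the 7.x form.

```cisco
! Constructed example: two groups distinguished by source subnet.
! All names, addresses and timeout values below are assumptions.
access-list GROUP_A_ACL extended permit tcp 10.1.10.0 255.255.255.0 any
access-list GROUP_B_ACL extended permit tcp 10.1.20.0 255.255.255.0 any
!
! One class per group, each matching its own ACL.
class-map GROUP_A_CLASS
 match access-list GROUP_A_ACL
class-map GROUP_B_CLASS
 match access-list GROUP_B_ACL
!
! Different idle timeout (hh:mm:ss) per class.
policy-map INSIDE_TIMEOUT_POLICY
 class GROUP_A_CLASS
  set connection timeout tcp 0:15:00
 class GROUP_B_CLASS
  set connection timeout tcp 4:00:00
!
! Only one policy-map can be applied per interface.
service-policy INSIDE_TIMEOUT_POLICY interface inside
!
! Verification from privileged EXEC mode:
! show service-policy interface inside
! show conn
```

Connections that match neither class keep the global `timeout conn` value, which is the 1 hour default mentioned in the original question.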
03-14-2008 04:58 AM
Hi hebaerte
Thanks for your reply as well...
all replies were/are welcome and helpful...
Thanks all,
George