CSM 3.3.1 : TCP port Timeout for special ports

martin.payette · ‎01-13-2010

Hi,

I would need to create new TCP ports in CSM to be able to increase the timeout (24 hrs or 86400 sec)

Would it work if I create a new inspect? is it the best way of doing this?

I know we cannot use the "timeout con" attribute (because it will modify ALL TCP timeouts)

Best regards,

Panos Kampanakis · ‎01-13-2010

Yes that is what you want to do. You don't want to change the tcp global timeout.

It will be put in a new class map under a policy map.

It is the "set connection" option under the class-map.

It is under setting the Modular Policy Framework options for connections in CSM.

I hope it helps.

PK

martin.payette · ‎01-14-2010

Hi PK,

thank you for your quick answer.

I have played with Inspects (Inspection Rules), I have found out that I am limited to 12 hrs as a MAX timeout.

So if I understand correctly, the only way I can configure a single TCP port with a timeout of 24hrs is to configure a MPF ( Modular Policy Framework)

Am I correct?

thanks again

Panos Kampanakis · ‎01-14-2010

Yes, you are correct.

to change timeouts for specific tcp ports you need MPF.

PK