Solved: Re : How to increase a port keepalive time

sanjay.nadarajah · ‎07-05-2010

Hi,

I would like to check if there is a way to increase the timeout/keepalive of ports ? This was recommended
by a vendor but can we do this on the FWSM box ?

Example : To increase the timeout value for port 600-605 to above its default value whatever the default value is ?

Any suggestions/feedack is appreciated.

Cheers,
-SN-

Jennifer Halim · ‎07-05-2010

Yes, you definitely can by using the "set connection timeout" command with MPF.

Example:

access-list tcp-600-605-acl permit tcp any any range 600 605

class-map tcp-600-605-class

match access-list tcp-600-605-acl

policy-map tcp-600-605-policy

class tcp-600-605-class

set connection timeout tcp

Here is the URL of the command for your reference:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/command/reference/s1.html#wp2699979

Hope that helps.

View solution in original post

Jennifer Halim · ‎07-05-2010

Yes, you definitely can by using the "set connection timeout" command with MPF.

Example:

access-list tcp-600-605-acl permit tcp any any range 600 605

class-map tcp-600-605-class

match access-list tcp-600-605-acl

policy-map tcp-600-605-policy

class tcp-600-605-class

set connection timeout tcp

Here is the URL of the command for your reference:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/command/reference/s1.html#wp2699979

Hope that helps.

sanjay.nadarajah · ‎07-05-2010

Hi halijenn,

This is what I was looking for .

It looks like I need to learn to navigate the Cisco pages better .

Thank you,

Cheers,

-SN-