Our firewall has the default timeout for idle connections and is set at 1 hour.
I know I can change this, but my question is this:
Is there a way that I can configure the firewall to have different idle timeouts for different groups based on their IP, or subnet, or something similar I can use to differentiate the groups?
Which firewall hardware and what version of code are you running? The short answer is yes, you can do this if you are running v7.x code or later (v3.x code on an FWSM). If you are running v6.x code (v2.x on an FWSM) you cannot do this, as the timeouts are global.
If you let me know hardware/software I can send you a link.
Here is a link to configuring per connection/group of connections timeouts.
It's very helpful actually...
I also left you a 5 rating score!!! (if I remember correctly!!)
I never said it was not helpful,
and once again,
thanks for your help!!!
Apologies, it's the way the responses sometimes are presented. I wasn't referring to your rating or response, rather the fact that someone else rated my original response in this thread as not helpful.
My comment was not intended for you. Many thanks for your rating, hope that clears things up.
No worries, Jon!!!
I'm clear with things... I'll see what they want to achieve and come up with a suitable solution!!!
Yes, you can set the connection timeout in a policy-map, so you can specify different values per class.
The example here has a class-map matching destination IP and port, but you can just as well match on source IP address.
If you need more help let us know.
 Sorry, hadn't noticed this had been answered already :)
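
The per-class timeout approach described in the replies above, written out as an added example that is not part of the original thread or of the linked Cisco document. It assumes ASA v7.x-style syntax and an interface named `inside`; the subnets, ACL names, class-map names and timeout values are constructed for illustration.

```cisco
! Constructed example: two source subnets, each with its own idle timeout.
! Traffic that matches neither class keeps the global "timeout conn" value.

! 1. Identify each group by source subnet (constructed addresses).
access-list ACL_LONG_IDLE extended permit tcp 10.10.20.0 255.255.255.0 any
access-list ACL_SHORT_IDLE extended permit tcp 10.10.30.0 255.255.255.0 any

! 2. Wrap each ACL in a class-map so the policy-map can reference it.
class-map CM_LONG_IDLE
 match access-list ACL_LONG_IDLE
class-map CM_SHORT_IDLE
 match access-list ACL_SHORT_IDLE

! 3. Set a different idle timeout per class.
!    "tcp" is the keyword in v7.x; later ASA releases use "idle" instead.
!    "reset" sends a TCP RST to both ends when the idle timer expires,
!    so endpoints learn of the teardown instead of hanging on a dead session.
policy-map PM_INSIDE_TIMEOUTS
 class CM_LONG_IDLE
  set connection timeout tcp 8:00:00
 class CM_SHORT_IDLE
  set connection timeout tcp 0:15:00 reset

! 4. Apply to the interface where the connections are initiated.
!    Only one service-policy can be attached per interface.
service-policy PM_INSIDE_TIMEOUTS interface inside

! Global default for everything else (the 1 hour mentioned in the question).
timeout conn 1:00:00
```

`show service-policy interface inside` confirms that each class is matching and which timeout it applies. Keep the long-timeout class as narrow as the requirement allows, since every idle connection it retains occupies a slot in the connection table.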