Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

Pix 6.x and 7.x timeout settings for specific rules?

I have a request from some of our internal app developers who have WBI and MQ sessions across DMZ domains to expand the timeout values on the firewall for their apps. As far as I can tell, the timeout values are global for the entire firewall TCP/IP stack. Does anyone know of a way I can make timeouts longer for a specific IP or port in the rules? Or, as I have already told my developers, this isn't possible :-)

2 REPLIES
Hall of Fame Super Blue

Re: Pix 6.x and 7.x timeout settings for specific rules?

Hi Toby

On 6.x you are right the timeouts are global.

However i believe on 7.x you can use a class map for particular traffic and apply the timeout to that class rather than globally across the whole firewall. Have a look at the attached config doc for ASA Modular Policy Framework.

http://www.cisco.com/en/US/docs/security/asa/asa71/configuration/guide/mpc.html

HTH

Jon

New Member

Re: Pix 6.x and 7.x timeout settings for specific rules?

Jon ... thanks for the link. It looks promising.

We're going to do some experimenting and see how it goes.

122
Views
0
Helpful
2
Replies
CreatePlease to create content