Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Session Timeout HTTP

I use to have a NetGear FVS338

I installed ASA 5505 two weeks ago.

This new firewall must have some timeout settings that the old NetGear didn't have.

I use Microsoft Reporting Services on my webserver that is behind this firewall.

I have a report that takes several minutes to run and now it timesout.

I have UDP 1026, TCP HTTP and HTTPS open.

I set the UDP timeout to 10 minutes in ASDM and this did not solve the issue.

It seems to timeout right at 2 minutes, so there must be a 2 minute default timeout set somewhere that I can't find.

Please help.


Re: Session Timeout HTTP

these are all the timeouts that the ASA uses:

See if one of these affects your reporting service, it would be helpful for you as well to turn on some logs that might show what connection is dropped due to what timeout.

Community Member

Re: Session Timeout HTTP

Thanks for the response...I set all these to 10 minutes and it still timesout at 2 minutes. Do you have to Reboot the firewall for this to take affect? If so I have to do it after hours.

Re: Session Timeout HTTP

Nope, no reboot is required at all, I would advise you to go ahead and set the logs on the ASA, they will tell you what timed out and why? logging monitor 5 with messages to monitor should show you something.

Community Member

Re: Session Timeout HTTP

I set the logging to debug mode.

There are no errors or anything, but the report is still timedout.

One thing I did notice is that the TCP build and teardown happens every minute during the connection.

You get one line saying Built Inbound TCP connection and the next line is teardown TCP connection.

Is it possible to extend the time between teardowns on the TCP connection?

Re: Session Timeout HTTP

What is the reason of the tear down? depending on this is whethere you will be able to control it or not

Community Member

Re: Session Timeout HTTP

See attached screenshot

Re: Session Timeout HTTP

The message that you see here for the port 443 is a normal termination of a TCP connection, the Server receives a Fin Flag, hence the firewall drops this TCP flow since there is no need to keep it up.

Community Member

Re: Session Timeout HTTP

Ok - well just coincidence that I put a new firewall in. Turns out my data is getting very large and found this article to fix the issue:

Increasing the timeout from this articel solved the problem.

Time to work on some database indexing.

Thanks for your help!!

CreatePlease to create content