Cisco Support Community

PIX TCP timeout

We have some developers that have an application that they say needs to have the TCP timeout set to 4 hours (talking to some mainframe somewhere) and I need some ammunition/arguments that will show them how this is not a secure thing to do.

2 REPLIES

Re: PIX TCP timeout

Hi,

I don't think that this is a real security problem for TCP connections because TCP headers include the sequence numbers of the packets.

It is not a good idea to do this for UDP connections since there are no sequence numbers inside the UDP header.

Regards,

Tom

Re: PIX TCP timeout

It's not really a security issue. However, if the firewall handles a lot of sessions, it may significantly impact memory consumption and slightly on the CPU load.

What type of client and server? What protocol is used for connectivity?

*nix hosts can be configured to send keepalives. The client side app can be configured/written to send keepalives. This will prevent the timeouts on the firewall.
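The keepalive approach from the last reply, as an added example that is not part of any post in this thread: a client enables TCP keepalives with an idle timer set below the firewall's connection idle timeout, so the firewall timeout does not have to be raised. The function names and the 3600-second firewall timeout are assumptions for illustration; use the value configured on your firewall.

```python
import socket

def keepalive_plan(fw_idle_timeout_s, interval_s=30, probes=4):
    """Choose keepalive timers from the firewall's TCP idle timeout.

    The first probe goes out at half the firewall timeout, so traffic
    crosses the firewall well before it would drop the idle connection.
    """
    if fw_idle_timeout_s < 2:
        raise ValueError("firewall idle timeout too short to keep alive")
    idle = fw_idle_timeout_s // 2
    interval = min(interval_s, idle)  # retry spacing never exceeds idle time
    return {"idle": idle, "interval": interval, "probes": probes}

def dead_peer_detect_s(plan):
    """Worst-case seconds before the OS gives up on a peer that vanished."""
    return plan["idle"] + plan["interval"] * plan["probes"]

def enable_keepalive(sock, fw_idle_timeout_s):
    """Apply the plan to a TCP socket and return the plan that was used."""
    plan = keepalive_plan(fw_idle_timeout_s)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    # Linux names the idle timer TCP_KEEPIDLE; macOS calls it TCP_KEEPALIVE.
    idle_opt = getattr(socket, "TCP_KEEPIDLE", None) or \
        getattr(socket, "TCP_KEEPALIVE", None)
    if idle_opt is None:
        raise OSError("no per-socket keepalive idle option on this platform")
    sock.setsockopt(socket.IPPROTO_TCP, idle_opt, plan["idle"])
    for name, key in (("TCP_KEEPINTVL", "interval"), ("TCP_KEEPCNT", "probes")):
        opt = getattr(socket, name, None)
        if opt is not None:  # skipped where the platform lacks the option
            sock.setsockopt(socket.IPPROTO_TCP, opt, plan[key])
    return plan

if __name__ == "__main__":
    FW_IDLE_TIMEOUT_S = 3600  # assumed firewall setting, not from the thread
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        plan = enable_keepalive(s, FW_IDLE_TIMEOUT_S)
        print("keepalive plan:", plan)
        print("dead peer detected within", dead_peer_detect_s(plan), "s")
    finally:
        s.close()
```

Call `enable_keepalive()` on the socket before `connect()`; the timers only start once the connection is established and idle.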
