Filter
Top Products
55-6
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 55 Configuring Security Policies on Firewall Devices
Configuring Timeouts
SIP Disconnect (PIX 6.3(5),
PIX/ASA 7.2+, FWSM 3.2+)
Length of time idle after which a SIP session is deleted if the 200 OK
is not received for a CANCEL or a BYE message. The minimum value
is 0:0:1; the maximum value is 0:10:0. The default value is 0:02:00.
SIP Invite (PIX 6.3(5),
PIX/ASA 7.2+, FWSM 3.2+)
Length of time idle after which pinholes for PROVISIONAL responses
and media xlates will be closed. The minimum value is 0:1:0; the
maximum value is 0:30:0. The default value is 0:03:00.
SIP Provisional Media
(PIX/ASA 7.2(3)+)
The timeout value for SIP provisional media connections; must be a
value between 0:1:0 and 1193:0:0. The default is 2 minutes.
Auth. (uath) Absolute Length of time until the authentication cache times out and new
connections must be re-authenticated. The system waits until a user
starts a new connection to prompt for re-authentication. This time must
be shorter than the Translation Slot value. Click Disable or enter 0:0:0
to disable caching and require re-re-authentication on every new
connection.
Note Do not set this value to 0:0:0 if passive FTP is used on the
connections.
Note If you set this value to 0:0:0; HTTPS authentication may not
work. If a browser initiates multiple TCP connections to load a
Web page after HTTPS authentication, the first connection is
permitted through, but subsequent connections trigger
authentication. As a result, users are continuously presented
with an authentication page, even after successful
authentication. To work around this, set the authentication
absolute timeout to 1 second. However, this workaround opens
a one-second window of opportunity that might allow
non-authenticated users through the firewall if they are coming
from the same source IP address.
Auth. (uath) Inactivity Length of time idle until the authentication cache times out and users
have to re-authenticate new connections. This duration must be shorter
than the Translation Slot value.
Table 55-3 Timeouts Page (Continued)
Element Description