Cisco Systems CL-28826-01 Security Camera User Manual


  Open as PDF
of 2616
 
56-11
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 56 Configuring Service Policy Rules on Firewall Devices
IPS, QoS, and Connection Rules Page
Connection Timeouts You can specify the following connection timeout settings for this
traffic flow:
Embryonic Connection Timeout – Specify the idle time until an
embryonic connection slot is freed. Enter 0:0:0 to disable timeout
for the connection. The default is 20 seconds for FWSMs, and 30
seconds for ASA/PIX devices.
Half Closed Connection Timeout – Specify the idle time until a
half-closed connection slot is freed. Enter 0:0:0 to disable timeout
for the connection.
For FWSMs, the default value is 20 seconds; the maximum value
is 255 seconds (four minutes, 15 seconds).
For ASA/PIX devices, this duration must be at least 5 minutes; the
default is 10 minutes.
TCP Connection Timeout – Specify the idle time until a
connection slot is freed. Enter 0:0:0 to disable timeout for the
connection. This duration must be at least 5 minutes. The default is
1 hour.
Reset Connection Upon
Timeout
If selected, connections are reset after a timeout occurs. Available for
ASA/PIX 7.0(4)+ only.
Detect Dead Connections Enables the Dead Connection Detection feature; available for ASA/PIX
7.2+ devices. Selecting this option enables these two fields:
Dead Connection Detection Timeout – Specify the period of time
between retries when a dead connection is detected. The default is
15 seconds.
Dead Connection Detection Retries – Specify the number of
retries to be performed after a dead connection is detected. The
default is five.
Traffic Flow Idle Timeout Specify the period of time between a traffic flow becoming idle and the
flow’s disconnection. Applicable to FWSM 3.2+ only. The default is 1
hour.
Enable TCP Normalization Enables TCP normalization, and activates the TCP Map selection
option. Applies to ASA/PIX 7.0+ only; not applicable if TCP State
Bypass is enabled.
TCP map Specify the TCP map to use for TCP normalization: enter or Select the
name of a TCP map. For more information, see Configuring TCP Maps,
page 56-20.
Table 56-3 Insert/Edit Service Policy (MPC) Rule Wizard—Step 3. Configure the actions.
Element Description