Filter
Top Products
17-89
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 17 Managing Firewall Inspection Rules
Configuring Settings for Inspection Rules for IOS Devices
• (Policy view) Select Firewall > Settings > Inspection from the Policy Type selector. Create a new
policy or select an existing one.
• (Map view) Right-click a device and select Edit Firewall Settings > Inspection.
The following table explains the available inspection settings.
Table 17-54 Inspe cti on Pa ge
Element Description
Global Timeout Values
TCP Establish Timeout
(seconds)
How long to wait for a TCP session to reach the established state before
dropping the session, in seconds, from 1-2147483. The default is 30.
FIN Wait Time (seconds) How long to maintain TCP session state information after the firewall
detects a FIN-exchange, in seconds, from 1-2147483. The
FIN-exchange occurs when the TCP session is ready to close. The
default is 5.
TCP Idle Time (seconds) How long to maintain a TCP session while there is no activity in the
session, in seconds, from 1-2147483. The default is 3600 (one hour).
UDP Idle Time (seconds) How long to maintain a UDP session while there is no activity in the
session, in seconds, from 1-2147483. The default is 30.
When the software detects a valid UDP packet, the software establishes
state information for a new UDP session. Because UDP is a
connectionless service, there are no actual sessions, so the software
approximates sessions by examining the information in the packet and
determining if the packet is similar to other UDP packets (for example,
it has similar source or destination addresses) and if the packet was
detected soon after another similar UDP packet.
If the software detects no UDP packets for the UDP session for the
period of time defined by the UDP idle timeout, the software will not
continue to manage state information for the session.
DNS Timeout (seconds) The length of time for which a DNS lookup session is managed while
there is no activity, in seconds, from 1-2147483. The default is 5.
SYN Flooding DoS Attack Thresholds
Maximum 1 Minute
Connection Rate - low
Maximum 1 Minute
Connection Rate - high
The number of new unestablished sessions that causes the system to
start and stop deleting half-open sessions. Ensure that you enter a lower
number in the Low field than you enter in the High field. Possible
values are from 1-2147483647 per minute. The default is 400 for low
and 500 for high.
Maximum Incomplete
Sessions Stop Threshold
Maximum Incomplete
Sessions Start Threshold
The number of existing half-open sessions that will cause the software
to start and stop deleting half-open sessions. Ensure that you enter a
lower number in the stop field than you enter in the start field. Possible
values are from 1-2147483647. The default is 400 for low and 500 for
high.