Cisco Systems CL-28826-01 Security Camera User Manual


User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 21 Managing Zone-based Firewall Rules
Configuring Inspection Maps for Zone-based Firewall Policies
Field Reference
Table 21-9 Add or Edit Inspect Parameter Map Dialog Boxes

| Element | Description |
| --- | --- |
| Name | The name of the policy object. A maximum of 40 characters is allowed. |
| Description | A description of the policy object. A maximum of 200 characters is allowed. |
| DNS Timeout | The length of time, in seconds, for which a DNS lookup session is managed while there is no activity. |
| ICMP Timeout | The length of time, in seconds, for which an inactive ICMP (Internet Control Message Protocol) session is maintained. |
| Max Incomplete Low, Max Incomplete High | The number of existing half-open sessions that will cause the software to start (at the high threshold) and stop (at the low threshold) deleting half-open sessions. Ensure that you enter a lower number in the Low field than you enter in the High field, for example, 400 and 500. The default is unlimited half-open sessions. |
| One Minute Low, One Minute High | The number of new unestablished sessions that causes the system to start and stop deleting half-open sessions. Ensure that you enter a lower number in the Low field than you enter in the High field. The default is unlimited. |
| Max Sessions | The maximum number of inspection sessions on a zone pair, for example, 200. The default is unlimited. |
| TCP FINWAIT Timeout | How long to maintain TCP session state information after the firewall detects a FIN-exchange, in seconds. The FIN-exchange occurs when the TCP session is ready to close. |
| TCP SYNWAIT Timeout | How long to wait for a TCP session to reach the established state before dropping the session, in seconds. |
| TCP Idle Timeout | How long to maintain a TCP session while there is no activity in the session, in seconds. |
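
The following is an added example, not part of the Cisco guide or of Security Manager itself: a Python sketch that checks the Name, Description and Low/High constraints from the table before a map is deployed, and models how the Max Incomplete thresholds start and stop half-open session deletion. The class, field and function names are hypothetical, the session counts are constructed, and the boundary handling (deletion starts strictly above High and stops strictly below Low) is an assumption.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class InspectParameterMap:
    """Hypothetical model of some Table 21-9 fields; None = default (unlimited)."""
    name: str
    description: str = ""
    max_incomplete_low: Optional[int] = None
    max_incomplete_high: Optional[int] = None
    one_minute_low: Optional[int] = None
    one_minute_high: Optional[int] = None

    def validate(self) -> List[str]:
        """Return the rule violations; an empty list means the map is acceptable."""
        errors = []
        if len(self.name) > 40:
            errors.append("Name exceeds 40 characters")
        if len(self.description) > 200:
            errors.append("Description exceeds 200 characters")
        pairs = (
            ("Max Incomplete", self.max_incomplete_low, self.max_incomplete_high),
            ("One Minute", self.one_minute_low, self.one_minute_high),
        )
        for label, low, high in pairs:
            # Low must be lower than High, otherwise deletion could never stop cleanly.
            if low is not None and high is not None and low >= high:
                errors.append(f"{label}: Low ({low}) must be lower than High ({high})")
        return errors


def deletion_states(half_open_counts: List[int], low: int, high: int) -> List[bool]:
    """Per sample, report whether half-open sessions are being deleted.

    Assumed boundaries: deletion starts above High and stops below Low,
    so counts between the two thresholds keep the previous state.
    """
    active, states = False, []
    for count in half_open_counts:
        if not active and count > high:
            active = True
        elif active and count < low:
            active = False
        states.append(active)
    return states


# Constructed half-open session counts, using the table's example thresholds 400/500.
SAMPLE_COUNTS = [350, 480, 510, 470, 420, 390, 450, 505]
```

Counts of 470 and 420 keep deletion active because they sit between the thresholds, which is why a Low value close to High makes the firewall stop shedding half-open sessions sooner.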