Tcptimeout, Udptimeout, Halfshuttimer – Compatible Systems 5.4 User Manual


Chapter 8 - IntraGuard Firewall Configuration


TCPTimeout

This field sets the number of seconds the firewall will wait before shutting
down an inactive TCP session. Values may range from 0 to 0xFFFFFFFF.
The default is 172,800 seconds (48 hours).

UDPTimeout

This field sets the number of seconds the firewall will wait before shutting
down an inactive non-TCP session. Values may range from 0 to
0xFFFFFFFF. The default is 60 seconds.

HalfShutTimer

This field sets the number of seconds the firewall will wait to close down a
half-shut, inactive TCP session. TCP specifies that for a session to be fully
closed down, both ends of the connection must send out a FIN packet. If the
firewall has not received a FIN packet from the other end and there has been
no activity during the specified length of time, the firewall will clear the
session. Values may range from 0 to 0xFFFFFFFF. The default is 120
seconds. Setting a value of 0 will disable the timer.

DynamicTimer

This field sets the number of seconds the firewall will wait before shutting
down an inactive dynamic session. Dynamic sessions are created by the
firewall to allow TCP sessions or non-TCP packets to come through the firewall.
The firewall does this by monitoring packet headers and data, and then
opening permitted sessions only when necessary. Values may range from 0 to
300. The default is 60 seconds.

RejectTimer

This field sets the number of seconds the firewall will keep track of rejected
packets after the packet flow has ended. The firewall tallies the different types
of rejected packets and summarizes the information in a display using the
show firewall rejects command (see firewall(show) in the Text-Based
Configuration and Command Line Reference Guide). Values may range
from 0 to 0xFFFFFFFF. The default is 300 seconds. If the Reject Timer is set
to 0, the firewall will log every rejected packet individually, without
summarizing them in a tally.
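
The following is an added example, not part of the manual or of the vendor's software: a small Python check that audits a proposed set of the five timers above against the ranges, defaults and special meanings of 0 stated on this page. The input is a plain dictionary of strings (an assumption, not the device's configuration syntax), and the names TIMERS, parse_seconds, audit and SAMPLE are hypothetical.

```python
# Ranges and defaults transcribed from the field descriptions on this page.
# Input format (a dict of strings) is an assumption, not the device's syntax.
MAX32 = 0xFFFFFFFF
TIMERS = {
    # name: (min, max, default, documented meaning of 0, if any)
    "TCPTimeout": (0, MAX32, 172800, None),
    "UDPTimeout": (0, MAX32, 60, None),
    "HalfShutTimer": (0, MAX32, 120, "timer disabled"),
    "DynamicTimer": (0, 300, 60, None),
    "RejectTimer": (0, MAX32, 300, "every rejected packet logged individually"),
}

def parse_seconds(text):
    """Accept decimal (with optional commas) or 0x-prefixed hex."""
    t = text.strip().replace(",", "")
    return int(t, 16) if t.lower().startswith("0x") else int(t, 10)

def audit(settings):
    """Return sorted (name, level, message) findings for a proposed timer set."""
    findings = []
    for name, raw in settings.items():
        if name not in TIMERS:
            findings.append((name, "error", "not a timer documented on this page"))
            continue
        lo, hi, default, zero_note = TIMERS[name]
        try:
            value = parse_seconds(raw)
        except ValueError:
            findings.append((name, "error", f"not a number: {raw!r}"))
            continue
        if not lo <= value <= hi:
            findings.append((name, "error", f"{value} outside {lo}..{hi}"))
        elif value == 0 and zero_note:
            findings.append((name, "note", f"0 means: {zero_note}"))
        elif value != default:
            findings.append((name, "info", f"{value}s differs from default {default}s"))
    for name in TIMERS.keys() - settings.keys():
        findings.append((name, "info", f"unset, default {TIMERS[name][2]}s applies"))
    return sorted(findings)

# Constructed sample values for illustration only.
SAMPLE = {"TCPTimeout": "3600", "UDPTimeout": "60", "HalfShutTimer": "0",
          "DynamicTimer": "0x200", "RejectTimer": "300"}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=": ")
```
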
