https://community.cisco.com/t5/network-security/change-the-idle-timeout-for-a-specific-host/m-p/1638114#M594964 <P>Platform: FWSM 3.2(18)</P><P></P><P>I need to change the idle connection timeout for a specific host. I'm pretty sure the following policy will achieve this.</P><P></P><P>&lt;begin code extract&gt;</P><P>access-list CMS-TIMEOUT permit tcp any host 10.1.1.1</P><P></P><P>class-map CMS-TIMEOUT</P><P> match access-list CMS-TIMEOUT</P><P></P><P>policy-map CMS-TIMEOUT<BR /> class CMS-TIMEOUT<BR /> set connection timeout idle 4:0:0</P><P></P><P>service-policy conns interface outside</P><P>&lt;end code extract&gt;</P><P></P><P>My question is, will the above policy override the global policy configuration applied to the outside interface. We only have the std default glovbal policy applied i.e. no other service policies are used?</P> Mon, 11 Mar 2019 19:31:43 GMT axa_tech_uk 2019-03-11T19:31:43Z https://community.cisco.com/t5/network-security/change-the-idle-timeout-for-a-specific-host/m-p/1638114#M594964 <P>Platform: FWSM 3.2(18)</P><P></P><P>I need to change the idle connection timeout for a specific host. I'm pretty sure the following policy will achieve this.</P><P></P><P>&lt;begin code extract&gt;</P><P>access-list CMS-TIMEOUT permit tcp any host 10.1.1.1</P><P></P><P>class-map CMS-TIMEOUT</P><P> match access-list CMS-TIMEOUT</P><P></P><P>policy-map CMS-TIMEOUT<BR /> class CMS-TIMEOUT<BR /> set connection timeout idle 4:0:0</P><P></P><P>service-policy conns interface outside</P><P>&lt;end code extract&gt;</P><P></P><P>My question is, will the above policy override the global policy configuration applied to the outside interface. We only have the std default glovbal policy applied i.e. no other service policies are used?</P> Mon, 11 Mar 2019 19:31:43 GMT https://community.cisco.com/t5/network-security/change-the-idle-timeout-for-a-specific-host/m-p/1638114#M594964 axa_tech_uk 2019-03-11T19:31:43Z https://community.cisco.com/t5/network-security/change-the-idle-timeout-for-a-specific-host/m-p/1638115#M594968 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Long story short, your policy on interface takes precedence over global as it will be the first one to be hit. </P><P></P><P><SPAN class="content"></SPAN></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/configuration/guide/mpf_f.html#wp1137086">http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/configuration/guide/mpf_f.html#wp1137086</A></P><P></P><P>I might be wrong, but that's the way I recollect it.</P><P></P><P>Marcin</P></BODY></HTML> Fri, 07 Jan 2011 14:06:17 GMT https://community.cisco.com/t5/network-security/change-the-idle-timeout-for-a-specific-host/m-p/1638115#M594968 Marcin Latosiewicz 2011-01-07T14:06:17Z https://community.cisco.com/t5/network-security/change-the-idle-timeout-for-a-specific-host/m-p/1638116#M594973 <HTML><HEAD></HEAD><BODY><P>Thanks for your reply, what I really mean, is will it be the only policy appilled i.e. will the global policy no longer be applied, or does the global policy always get applied and will always be processed. Assuming it is appllied globally?</P></BODY></HTML> Fri, 07 Jan 2011 14:38:36 GMT https://community.cisco.com/t5/network-security/change-the-idle-timeout-for-a-specific-host/m-p/1638116#M594973 axa_tech_uk 2011-01-07T14:38:36Z https://community.cisco.com/t5/network-security/change-the-idle-timeout-for-a-specific-host/m-p/1638117#M594977 <HTML><HEAD></HEAD><BODY><P>The global policy will be applied after the interface specific policy - which does take precedence.</P><P></P><P>-KS</P></BODY></HTML> Fri, 07 Jan 2011 15:59:14 GMT https://community.cisco.com/t5/network-security/change-the-idle-timeout-for-a-specific-host/m-p/1638117#M594977 Kureli Sankar 2011-01-07T15:59:14Z