https://community.cisco.com/t5/network-security/service-session-timeout/m-p/928337#M941197 <HTML><HEAD></HEAD><BODY><P>Thanks Sundar,</P><P></P><P>But I think if I use the command " timeout conn 5:00:00 ", it will change the timeout to 5 hours for all TCP connections. I want the time out to be changes to a specific TCP service for example for TCP port 3000 and for the rest, it can remain the same.</P><P></P><P>Is there a way to set timeout for particular service?</P><P></P><P>Thanks</P><P>Prashant</P></BODY></HTML> Tue, 11 Mar 2008 21:37:48 GMT pmago 2008-03-11T21:37:48Z https://community.cisco.com/t5/network-security/service-session-timeout/m-p/928331#M941180 <P>I believe there is a default 30 min TCP idle session timeout attached with every TCP service. There are features in other firewalls to increase this timeout or set it to None. Can we do the same in PIX/FWSM also.</P><P></P><P>Could you help me with commands to verify and increase the same.</P><P></P><P>Thanks</P><P>Prashant</P> Mon, 11 Mar 2019 12:15:29 GMT https://community.cisco.com/t5/network-security/service-session-timeout/m-p/928331#M941180 pmago 2019-03-11T12:15:29Z https://community.cisco.com/t5/network-security/service-session-timeout/m-p/928332#M941182 <HTML><HEAD></HEAD><BODY><P>i think you are looking for the timeout command:</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/t_72.html#wp1386607" target="_blank">http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/t_72.html#wp1386607</A></P><P></P><P>sh run | inclu timeout</P><P>or</P><P>sh run timeout</P></BODY></HTML> Tue, 11 Mar 2008 19:06:42 GMT https://community.cisco.com/t5/network-security/service-session-timeout/m-p/928332#M941182 srue 2008-03-11T19:06:42Z https://community.cisco.com/t5/network-security/service-session-timeout/m-p/928333#M941185 <HTML><HEAD></HEAD><BODY><P>Thanks for the good doc but this did not exactly solve my problem. </P><P></P><P>I am looking to increase service time-out.</P><P></P><P>So, lets say if I configure a new service, it should have a timeout of 300 min (5 hrs), instead of default timeout of 30 min.</P><P></P><P>Not sure which command can help me do this.</P><P></P><P>Thanks</P><P>Prashant</P></BODY></HTML> Tue, 11 Mar 2008 20:35:24 GMT https://community.cisco.com/t5/network-security/service-session-timeout/m-p/928333#M941185 pmago 2008-03-11T20:35:24Z https://community.cisco.com/t5/network-security/service-session-timeout/m-p/928334#M941188 <HTML><HEAD></HEAD><BODY><P>Prashant,</P><P></P><P>The default TCP idle timeout is 1 hour. If you want to change it to 5 hrs use the command.</P><P></P><P>pixfirewall(config)# timeout conn 5:00:00</P><P></P><P>Here are your options as far as the timeout for different services are concerned;</P><P></P><P>pixfirewall(config)# timeout ?</P><P></P><P>configure mode commands/options:</P><P> conn Configure idle time after which a TCP connection state will</P><P> be closed, default is 1:00:00</P><P> h225 Configure idle time after which an H.225 signaling conn will</P><P> be closed, default is 1:00:00</P><P> h323 Configure idle time after which an H.323 control connection</P><P> will be closed, default is 0:05:00</P><P> half-closed Configure idle time after which a TCP half-closed connection</P><P> will be freed, default is 0:10:00</P><P> icmp Configure idle timeout for ICMP, default is 0:00:02</P><P></P><P>HTH</P><P></P><P>Sundar</P><P></P><P></P><P></P></BODY></HTML> Tue, 11 Mar 2008 21:12:59 GMT https://community.cisco.com/t5/network-security/service-session-timeout/m-p/928334#M941188 sundar.palaniappan 2008-03-11T21:12:59Z https://community.cisco.com/t5/network-security/service-session-timeout/m-p/928335#M941191 <HTML><HEAD></HEAD><BODY><P>"There are features in other firewalls to increase this timeout or set it to None."</P><P></P><P>You must be refer to either Checkpoint or</P><P>Juniper firewalls. For example, you can</P><P>create a telnet, tcp port 23, service and</P><P>set the timeout session to let say 6 hours, </P><P>or you can create an ssh service and set the</P><P>timeout to 10 minutes.</P><P></P><P>I've been trying to find this feature in</P><P>Cisco Pix/ASA/FWSM as well but don't think</P><P>it is possible.</P><P></P><P>CCIE Security</P></BODY></HTML> Tue, 11 Mar 2008 21:26:28 GMT https://community.cisco.com/t5/network-security/service-session-timeout/m-p/928335#M941191 cisco24x7 2008-03-11T21:26:28Z https://community.cisco.com/t5/network-security/service-session-timeout/m-p/928336#M941195 <HTML><HEAD></HEAD><BODY><P>I see what you are asking. AFAIK I don't think in Cisco firewall you can configure timeout for services inside of TCP. It would be just a global timeout value for TCP.</P></BODY></HTML> Tue, 11 Mar 2008 21:35:06 GMT https://community.cisco.com/t5/network-security/service-session-timeout/m-p/928336#M941195 sundar.palaniappan 2008-03-11T21:35:06Z https://community.cisco.com/t5/network-security/service-session-timeout/m-p/928337#M941197 <HTML><HEAD></HEAD><BODY><P>Thanks Sundar,</P><P></P><P>But I think if I use the command " timeout conn 5:00:00 ", it will change the timeout to 5 hours for all TCP connections. I want the time out to be changes to a specific TCP service for example for TCP port 3000 and for the rest, it can remain the same.</P><P></P><P>Is there a way to set timeout for particular service?</P><P></P><P>Thanks</P><P>Prashant</P></BODY></HTML> Tue, 11 Mar 2008 21:37:48 GMT https://community.cisco.com/t5/network-security/service-session-timeout/m-p/928337#M941197 pmago 2008-03-11T21:37:48Z https://community.cisco.com/t5/network-security/service-session-timeout/m-p/928338#M941199 <HTML><HEAD></HEAD><BODY><P>Yes, this is what I am looking for, to change the timeout for particular service like ssh. I have seen it in Juniper Firewalls where we can easily modify the timeout or set it to none.</P><P></P><P>Thanks</P><P>Prashant</P></BODY></HTML> Tue, 11 Mar 2008 21:39:58 GMT https://community.cisco.com/t5/network-security/service-session-timeout/m-p/928338#M941199 pmago 2008-03-11T21:39:58Z