I have an ASA-5510 (9.11-4-K8) monitoring a network that is required to use the DISA STIGs for certain security settings. There is a requirement (STIG ID NET0965) that requires the following:
The network device must be configured with a maximum wait time of 10 seconds or less to allow a host to establish a TCP connection.
Configure the maximum wait time for TCP connections to be established with the device to 10 seconds or less.
This is possible on a router or switch, but can this be configured on the ASA?
You mean traffic to the box or through the box?
This particular requirement, NET0965, is for communications from a client to the ASA, i.e.: ssh, asdm, bgp, scp, etc.
I found how to do it on the IOS ISR platform, but not on the ASA.
Also, on the IOS ISR platform, use: ip tcp synwait-time 10