Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1325
Views
0
Helpful
2
Replies

Can DCD (Dead Connection Detection) close idle connections on host/server?

faqureshi
Level 1
Level 1

‎05-17-2011 07:11 AM - edited ‎03-11-2019 01:34 PM

Hi,

I have a FWSM in between two servers. TCP session on one of the servers still remains open even if session timesout. I want to know if I enable DCD on firewall, will it detect and close idle session on firewall only or it has capability to send FIN message and idle connections on server sides can also be closed.

Any help in this regard is highly appreciated.

Regards,

Fahad.

Labels:
0 Helpful
2 Replies 2

varrao
Level 10
Level 10

‎05-17-2011 07:43 AM

Fahad,

DCD feature is as of yet not available on FWSM, although you can configure idle timeout on FWSM apart from default setting, have a look at the doc:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/command/reference/s1.html#wp2725339

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful

brquinn
Level 1
Level 1

‎05-17-2011 07:50 AM

DCD sends TCP keepalives after a specified amount of idle time. The FWSM will not send FINs. If there is no conn present, (like after the conn has been torn down due to idle timeout), the FWSM can be configured to respond with a reset with the 'service reset no-connection' command.

The DCD feature just prompts both peers to confirm that their TCP socket is still open. It is then up to the hosts to decide how they respond.

Thanks,

Brendan

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card