Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
652
Views
0
Helpful
3
Replies

Change the IDLE timeout for a specific host

axa_tech_uk
Level 1
Level 1

‎01-07-2011 04:23 AM - edited ‎03-11-2019 12:31 PM

Platform: FWSM 3.2(18)

I need to change the idle connection timeout for a specific host. I'm pretty sure the following policy will achieve this.

<begin code extract>

access-list CMS-TIMEOUT permit tcp any host 10.1.1.1

class-map CMS-TIMEOUT

match access-list CMS-TIMEOUT

policy-map CMS-TIMEOUT
class CMS-TIMEOUT
set connection timeout idle 4:0:0

service-policy conns interface outside

<end code extract>

My question is, will the above policy override the global policy configuration applied to the outside interface. We only have the std default glovbal policy applied i.e. no other service policies are used?

Labels:
0 Helpful
3 Replies 3

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎01-07-2011 06:06 AM

Hi,

Long story short, your policy on interface takes precedence over global as it will be the first one to be hit.

http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/configuration/guide/mpf_f.html#wp1137086

I might be wrong, but that's the way I recollect it.

Marcin

0 Helpful

axa_tech_uk
Level 1
Level 1
In response to Marcin Latosiewicz

‎01-07-2011 06:38 AM

Thanks for your reply, what I really mean, is will it be the only policy appilled i.e. will the global policy no longer be applied, or does the global policy always get applied and will always be processed. Assuming it is appllied globally?

0 Helpful

Kureli Sankar
Cisco Employee
Cisco Employee
In response to axa_tech_uk

‎01-07-2011 07:59 AM

The global policy will be applied after the interface specific policy - which does take precedence.

-KS

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card