Solved: Re: connection timeout settings

adamgibs7 · ‎06-03-2018

Dears,

Please find the attached , In the attached I can see the idle connection timeout the default timers are 1193:00:00 hence it seems to me very huge, is it recommended to change these setting ???? I tried to search in the running configuration these numbers ( 1193) but they are not available

I can see only these setting for the connection

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02

adamgibs7 · ‎06-09-2018

Awaiting your reply experts

View solution in original post

Rob Ingram · ‎06-09-2018

Embryonic connection can be considered half open (a connection that has not completed the 3 way handshake). Half-closed would be when a peer does not acknowledge the closing of a connection. This post explains further.

View solution in original post

Bogdan Nita · ‎06-04-2018

Should be an asdm bug, you could try a newer asdm or java version.

Based on the cli runn config the connection timeout is 1h (defaut value).

HTH

Bogdan

adamgibs7 · ‎06-04-2018

what is the difference between the embryonic connection and half closed connections, do the default are best practice and no harm to the firewall or they have to be changed.

thanks

adamgibs7 · ‎06-09-2018

Awaiting your reply experts

Rob Ingram · ‎06-09-2018

Embryonic connection can be considered half open (a connection that has not completed the 3 way handshake). Half-closed would be when a peer does not acknowledge the closing of a connection. This post explains further.

Abdullo Salikhov · ‎06-21-2018

take a look at this:

class-map BLABLA
match access-list BLABLA | with needed IP range or subnet

policy-map global_policy (or you can create a new one)

class BLABLA
set connection timeout idle 3:00:00 dcd 0:30:00 3

Abdullo Salikhov
Dushanbe, Tajikistan