Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2626
Views
0
Helpful
1
Replies

decrement ttl and idle timeout on FTD

AveLor46429
Level 1
Level 1

‎07-14-2020 01:44 AM

Hello!

I'm using FTD 2110 managed by FMC. So I want working traceroute and made a threat defence policy with decrement ttl option like it described here.

Traceroute starts working, but all connections (tcp, udp, icmp) after policy applying now has idle timeout 1 hour:

class class_map_ACL_Traceroute
set connection timeout idle 1:00:00
set connection decrement-ttl

 

policy with defalut options - I only turn on decrement ttl option:

image.png

 

 

How can I configure this policy without connection timeout modification? flexconfig with only decrement ttl option give an error, like here

Thank you.

PS I try to update ftd and fmc from 6.4 to 6.6 and in does not solve problem

0 Helpful
1 Reply 1

Marius Gunnerud
VIP
VIP

‎07-14-2020 01:04 PM

Those are the default timeouts.  They are present even when you do not have Threat Defence Policy configured.

FTD policy.JPG

 

FTD# show run | in timeout
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02

 

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card