Half-open connection in firewall
01-06-2016 11:46 AM - edited 03-12-2019 12:07 AM
What command is used to clear half-open connections in an ASA firewall,
and does it help reduce CPU processes?
What are other ways to reduce high CPU utilization in a production environment?

01-06-2016 05:37 PM
Hi,
Half-open connections have a default connection timeout of 30 seconds. If there is a large number of half-open or embryonic connections, then it could be a DoS attack. This can impact the performance of the ASA.
You can configure TCP intercept or you can configure threat detection to resolve the issue. Please refer to the link below for TCP intercept.
https://supportforums.cisco.com/document/12021641/tcp-intercept-feature-asa-device
You can refer to the link below for threat detection:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/protect_threat.html#wpxref80031
Thanks,
Shivapramod M
Please remember to select a correct answer and rate helpful posts
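
An added example, not part of the reply above: one way the TCP intercept and threat detection options it mentions can be configured on an ASA through the Modular Policy Framework. The object names, the server address 192.0.2.10, the `outside` interface name and every threshold are assumptions chosen for illustration and need tuning against the normal embryonic connection rate of the protected host.

```cisco
! Illustrative configuration (constructed example; names, address and limits are assumptions).

! 1. Select the traffic to protect: inbound TCP to a published server.
access-list SYN_PROTECT_ACL extended permit tcp any host 192.0.2.10 eq 443

class-map SYN_PROTECT_CM
 match access-list SYN_PROTECT_ACL

! 2. Cap embryonic (half-open) connections. Once a limit is reached the ASA
!    answers new SYNs itself with SYN cookies (TCP intercept) instead of
!    creating connection state for each one.
policy-map SYN_PROTECT_PM
 class SYN_PROTECT_CM
  set connection embryonic-conn-max 1000 per-client-embryonic-max 50
  ! Embryonic timeout; 30 seconds is the default mentioned in the reply.
  set connection timeout embryonic 0:00:30

service-policy SYN_PROTECT_PM interface outside

! 3. Threat detection: basic drop-rate monitoring plus statistics on
!    connections handled by TCP intercept.
threat-detection basic-threat
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200

! 4. Verification commands (run in privileged EXEC mode, not configuration).
! show service-policy interface outside
! show threat-detection statistics top tcp-intercept
! show conn count
```

A per-client limit set too low also affects legitimate clients behind a shared NAT address, so compare the limits with `show conn count` taken during normal load before enforcing them.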
