Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1584
Views
4
Helpful
1
Replies

Half-open connection in firewall

tankvishal1108
Level 1
Level 1

‎01-06-2016 11:46 AM - edited ‎03-12-2019 12:07 AM

what command is used to clear half open connection in ASA firewall 

and does it help reducing cpu processes ??

What are other way to reduce high cpu utilization in production environment?

Labels:
0 Helpful
1 Reply 1

Shivapramod M
Level 1
Level 1

‎01-06-2016 05:37 PM

Hi,

Half open has default connection timeout as 30 seconds. If there is large amount of half open or embryonic connection then it could be DOS attack. This can impact the performance of the ASA.

You can configure TCP intercept or you can configure threat detection to resolve the issue. Please refer below link for tcp intercept.

https://supportforums.cisco.com/document/12021641/tcp-intercept-feature-asa-device

You can refer the below link for threat detection

http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/protect_threat.html#wpxref80031

Thanks,
Shivapramod M
Please remember to select a correct answer and rate helpful posts

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card