Half-open connection in firewall

tankvishal1108
Beginner

What command is used to clear half-open connections in the ASA firewall?

And does it help in reducing CPU processes?

What are other ways to reduce high CPU utilization in a production environment?

1 Reply

Shivapramod M
Beginner

Hi,

Half-open connections have a default connection timeout of 30 seconds. If there is a large number of half-open or embryonic connections, then it could be a DoS attack. This can impact the performance of the ASA.

You can configure TCP intercept or you can configure threat detection to resolve the issue. Please refer to the link below for TCP intercept.

https://supportforums.cisco.com/document/12021641/tcp-intercept-feature-asa-device

You can refer to the link below for threat detection:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/protect_threat.html#wpxref80031

Thanks,
Shivapramod M
Please remember to select a correct answer and rate helpful posts
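
The two mitigations named in the reply above, sketched as an added ASA configuration example (not from the original post or the linked Cisco documents). The server address 192.0.2.10, port 443, the object names and every threshold are constructed placeholders to be sized against normal traffic; the 20-second timeout is only an illustrative value below the 30-second default mentioned in the reply.

```cisco
! --- TCP intercept via embryonic connection limits (Modular Policy Framework) ---
! Constructed example: protect one published server, 192.0.2.10:443.
access-list SYN-PROTECT extended permit tcp any host 192.0.2.10 eq 443
!
class-map SYN-PROTECT-CLASS
 match access-list SYN-PROTECT
!
policy-map global_policy
 class SYN-PROTECT-CLASS
  ! Once either embryonic limit is exceeded, the ASA answers new SYNs itself
  ! (SYN cookies) and only opens the server-side connection after the client
  ! completes the handshake.
  set connection embryonic-conn-max 1000 per-client-embryonic-max 50
  ! Expire half-open connections sooner than the 30-second default.
  set connection timeout embryonic 0:00:20
!
service-policy global_policy global
!
! --- Threat detection ---
! Basic threat detection logs when drop and SYN-attack rates cross thresholds.
threat-detection basic-threat
threat-detection rate syn-attack rate-interval 600 average-rate 100 burst-rate 200
! Track which servers are being hit by intercepted SYN floods.
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
!
! --- Verification (exec mode) ---
! show service-policy                                 current embryonic counts per class
! show threat-detection statistics top tcp-intercept  most-attacked servers
! show threat-detection rate                          event rates against thresholds
! show cpu usage                                      CPU load before and after the change
```

Setting the embryonic limits too low causes legitimate clients to be intercepted during normal peaks, so baseline the usual half-open count before choosing values.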
