06-25-2003 05:25 AM - edited 02-20-2020 10:49 PM
We have some developers that have an application that they say needs to have the TCP timeout set to 4 hours (talking to some mainframe somewhere) and I need some ammunition/arguments that will show them how this is not a secure thing to do.
06-25-2003 08:07 AM
Hi,
I don't think that this is a real security problem for TCP connections because TCP headers include the sequence numbers of the packets.
It is not a good idea to do this for UDP connections since there are no sequence numbers inside the UDP header.
Regards,
Tom
06-25-2003 08:19 AM
It's not really a security issue. However, if the firewall handles a lot of sessions, it may significantly impact memory consumption and slightly on the CPU load.
What type of client and server? What protocol is used for connectivity?
*nix hosts can be configured to send keepalives. The client side app can be configured/written to send keepalives. This will prevent the timeouts on the firewall.
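Added example, not part of the original replies: a per-socket way for a client application to enable TCP keepalives so that a probe crosses the firewall well before its idle timer expires, leaving the firewall timeout at its normal value. The 3600-second firewall timeout, the function names and the margin are assumptions for illustration; the `TCP_KEEP*` options are the Linux names and are skipped where the platform lacks them.

```python
import socket

def keepalive_plan(firewall_idle_timeout_s, margin=0.5, interval_s=30, probes=4):
    """Pick keepalive timers so the first probe is sent at a fraction (margin)
    of the firewall idle timeout and a retry still fits before it expires."""
    if firewall_idle_timeout_s < 4:
        raise ValueError("idle timeout too short to schedule keepalives")
    idle = max(1, int(firewall_idle_timeout_s * margin))
    # Cap the retry interval so at least two probes fit in the remaining window.
    interval = max(1, min(interval_s, (firewall_idle_timeout_s - idle) // 2))
    return {
        "idle": idle,
        "interval": interval,
        "probes": probes,
        # Time until a silent peer is declared dead and the socket errors out.
        "dead_peer_detect_s": idle + interval * probes,
    }

def apply_keepalive(sock, plan):
    """Enable keepalive on one socket and return the values the kernel accepted."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    applied = {"enabled": bool(sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE))}
    # Per-socket timer overrides; without them the system-wide defaults apply.
    for key, opt in (("idle", "TCP_KEEPIDLE"), ("interval", "TCP_KEEPINTVL"),
                     ("probes", "TCP_KEEPCNT")):
        if hasattr(socket, opt):
            const = getattr(socket, opt)
            sock.setsockopt(socket.IPPROTO_TCP, const, plan[key])
            applied[key] = sock.getsockopt(socket.IPPROTO_TCP, const)
    return applied

if __name__ == "__main__":
    # Assumed firewall idle timeout of one hour (constructed value).
    plan = keepalive_plan(3600)
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        print(plan, apply_keepalive(s, plan))
        # s.connect(...) to the server would follow here in a real client.
```
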