Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
4446
Views
0
Helpful
3
Replies

Threat Defense Connection timeout

Go to solution
j.albos
Level 1
Level 1

‎02-13-2019 05:31 AM - edited ‎03-12-2019 04:21 AM

Two Questions:

 

In previous ASA Version ( v8 ) there was a "Dead Connection Detection" ( DCD) - Function to Keep inactive but already existent Connections open.

Is DCD behavior also supportet in FTD ?

 

Background: Using a "foreign " Firewall Connections from Client to SAP Server becomes disconnected after a longer time of inactivity and people have to relogin  into the server. Replacing this foreign Firewall with a asa5510 the Connection keeps established and people can continue working without a relogin.

 

How do the Timeout Settings in FTD in  "Network Analysis Policy / TCP Stream Configuration" and the Timeout Setting in "Device Platform Settings" play togther ?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎02-13-2019 10:12 PM

Hi

Have you tried configuring dcd using flexconfig?
You can put your asa config into a flexconfig object and deploy if.
I haven't tried yet myself for dcd (don't had the use case yet).
If commands are protected and not able to get pushed over flexconfig then you will get an error message right away at the deployment for fmc and at the config for fdm.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎02-13-2019 10:12 PM

Hi

Have you tried configuring dcd using flexconfig?
You can put your asa config into a flexconfig object and deploy if.
I haven't tried yet myself for dcd (don't had the use case yet).
If commands are protected and not able to get pushed over flexconfig then you will get an error message right away at the deployment for fmc and at the config for fdm.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Go to solution
j.albos
Level 1
Level 1
In response to Francesco Molino

‎02-14-2019 01:25 AM

Hi Francesco,

thank you for your answer.

I did not ever deal with flexconfig before. I searched how to do that and found a hint that the Connection timeout is now configurable using Service policies from Version 3.0 . So i will update fmc and sensor and hope to easyly solve my Problem .

Thank you again - this help me.

https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config-guide-v63/threat_defense_service_policies.html

 

0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to j.albos

‎02-14-2019 01:09 PM

Yeah a some configs are still not configurable over the normal and standard GUI but there are through Flexconfig.
Test and let me know if that worked.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card
Top