06-19-2019 03:19 PM - edited 06-19-2019 03:57 PM
I have an IPsec VPN config which uses UDP 500 and UDP 4500. After adding a basic ZBFW config to block unsolicited incoming connections, I noticed my VPN is flapping occasionally. Since it does not occur consistently, I suspect it has to do with session timeout.
This is a VPN client; I do not want to add a bypass for all UDP 500/4500 traffic. Is there a global config for ZBFW UDP timeout? The CBAC config "ip inspect udp idle-time 60" does not work anymore.
On a related note, what is the default UDP session timeout for ZBFW?
06-20-2019 09:58 AM
Answering my own question here:
Based on my experiment, the default UDP session timeout is 30s. And here is the way to change the UDP session timeout for ZBFW:
parameter-map type inspect default
 udp idle-time 60
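A narrower variant of the fix above, as an added example that is not from the original post: rather than raising the UDP idle timeout in the default parameter-map, a named parameter-map is attached only to a class matching IKE (UDP 500) and NAT-T (UDP 4500), so other UDP sessions keep the shorter timeout. The traffic is still statefully inspected, not bypassed. The names IKE-NATT, CM-IKE-NATT, PMAP-IKE-NATT and PM-INSIDE-TO-OUTSIDE are hypothetical, and the policy-map is assumed to be the one already applied to the zone-pair that carries the VPN traffic.

```cisco
! Added example, not from the original post. All object names are hypothetical.
!
! Match only IKE (UDP 500) and IPsec NAT-T (UDP 4500)
ip access-list extended IKE-NATT
 permit udp any any eq isakmp
 permit udp any any eq non500-isakmp
!
class-map type inspect match-all CM-IKE-NATT
 match access-group name IKE-NATT
!
! Named parameter-map: the longer idle timeout applies only where it is referenced
parameter-map type inspect PMAP-IKE-NATT
 udp idle-time 60
!
! Assumed to be the existing policy on the zone-pair carrying the VPN traffic.
! The IKE/NAT-T class must appear before any broader class that also matches UDP,
! because the first matching class decides the action.
policy-map type inspect PM-INSIDE-TO-OUTSIDE
 class type inspect CM-IKE-NATT
  inspect PMAP-IKE-NATT
 class class-default
  drop
!
! Verification (exec mode):
!   show parameter-map type inspect PMAP-IKE-NATT
!   show policy-map type inspect zone-pair sessions
```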