Maintain Custom Timeouts for Data Center Applications
Easily maintain custom timeouts for applications
as you move from a port-based policy to an application-based policy.
Use this method to maintain custom timeouts instead of overriding
App-ID (losing application visibility) or creating a custom App-ID
(expending time and research).
To get started, configure custom
timeout settings as part of a service object:
Then add the service object in a policy
rule to apply the custom timeouts to the application(s) the rule
The following steps describe how to apply custom timeouts
to applications; to apply custom timeouts to user groups, you can
follow the same steps, but make sure to add the service object
to the security policy rule that enforces the users to whom you
want the timeout to apply.
to add or modify a
You can also create service objects as you are defining
match criteria for a security policy rule: select
Service object to apply to the application traffic the rule governs.
Select the protocol for the service to use (TCP or UDP).
Enter the destination port number or a range of port numbers
used by the service.
Define the session timeout for the service.
Inherit from application
service-based timeouts are applied; instead, apply the application
—Define a custom session
timeout for the service.
If you chose to override the application timeout and define
a custom session timeout, continue to:
to set the maximum length of time in seconds that a TCP session
can remain open after data transmission has started. When this time
expires, the session closes. The value range is 1 - 604800, and
the default value is 3600 seconds.
TCP Half Closed
to set the maximum length of time in seconds that a session remains
in the session table between receiving the first FIN packet and receiving
the second FIN packet or RST packet. If the timer expires, the session
closes. The value range is 1 - 604800, and the default value is
TCP Wait Time
set the maximum length of time in seconds that a session remains
in the session table after receiving the second FIN packet or a RST
packet. When the timer expires, the session closes. The value range is
1 - 600, and the default value is 15 seconds.
to save the service object.
modify a policy rule to govern the application traffic you want
service object you just created to the security policy rule.
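
As an added example (not from the original page or from the vendor), this Python helper checks the three TCP timers against the value ranges given above and renders a service object as XML, either inheriting the application timeout or overriding it. The element names (override, timeout, halfclose-timeout, timewait-timeout) are assumptions about the PAN-OS configuration schema; the object name, port and timer values are constructed.

```python
import xml.etree.ElementTree as ET

# Value ranges in seconds, as stated on this page.
RANGES = {
    "timeout": (1, 604800),            # TCP session timeout
    "halfclose-timeout": (1, 604800),  # TCP Half Closed
    "timewait-timeout": (1, 600),      # TCP Wait Time
}


def build_service(name, port, timeouts=None):
    """Return an <entry> element for a TCP service object.

    timeouts=None inherits the timeout from the application;
    a dict of timers overrides it. Element names are an assumption
    about the PAN-OS XML schema, not taken from this page.
    """
    entry = ET.Element("entry", {"name": name})
    tcp = ET.SubElement(ET.SubElement(entry, "protocol"), "tcp")
    ET.SubElement(tcp, "port").text = str(port)
    override = ET.SubElement(tcp, "override")
    if timeouts is None:
        ET.SubElement(override, "no")
        return entry
    yes = ET.SubElement(override, "yes")
    for key, value in timeouts.items():
        if key not in RANGES:
            raise ValueError(f"unknown timer: {key}")
        low, high = RANGES[key]
        # Reject non-integers and out-of-range values before they reach the firewall.
        if isinstance(value, bool) or not isinstance(value, int) or not low <= value <= high:
            raise ValueError(f"{key}={value!r} outside {low}-{high} seconds")
        ET.SubElement(yes, key).text = str(value)
    return entry


def render(entry):
    """Serialize the service object for review or an API push."""
    return ET.tostring(entry, encoding="unicode")


if __name__ == "__main__":
    # Constructed sample: a long-lived database service on TCP 1521.
    svc = build_service("svc-db-long", "1521",
                        {"timeout": 14400, "halfclose-timeout": 300, "timewait-timeout": 15})
    print(render(svc))
```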