Set connection timeouts

You can define general timeouts for removing idle connections from the state table, including non-TCP communications that are handled like connections.

The timeout prevents wasting engine resources on storing information about abandoned connections. Timeouts are a normal way to clear traffic information with protocols that have no closing mechanism. The communicating client and server also have timeouts for closing inactive connections.

You can set timeouts by protocol and by TCP connection state. Idle timeouts set in Access rules override these global settings.

Timeouts do not affect active connections. A connection stays in the state table as long as the interval between its packets is shorter than the configured timeout.

CAUTION:
Setting excessively long timeouts for many connections consumes engine resources and can disturb the operation of the engine.
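The following Python model is an added illustration, not product code and not the engine's implementation. It shows how an idle timeout keeps active connections, lets an Access rule value override the global one, and scales the number of abandoned entries held in the state table. The timeout values, traffic rate, and all class and function names are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed idle timeouts in seconds for this model (not product defaults).
GLOBAL_TIMEOUTS = {"tcp": 1800, "udp": 50, "icmp": 5}

@dataclass
class Entry:
    last_seen: int
    timeout: int

class StateTable:
    """Simplified model of idle-timeout eviction, not the engine's implementation."""

    def __init__(self, global_timeouts):
        self.global_timeouts = global_timeouts
        self.entries = {}

    def packet(self, key, proto, now, rule_timeout=None):
        # An idle timeout set in the matching Access rule overrides the global one.
        entry = self.entries.get(key)
        if entry is None:
            timeout = self.global_timeouts[proto] if rule_timeout is None else rule_timeout
            self.entries[key] = Entry(now, timeout)
        else:
            entry.last_seen = now  # any packet resets the idle clock

    def expire(self, now):
        # Keep only entries whose idle time is still shorter than their timeout.
        self.entries = {k: e for k, e in self.entries.items()
                        if now - e.last_seen < e.timeout}
        return len(self.entries)

def peak_entries(udp_timeout, flows_per_s=20, duration_s=300):
    """Peak table size when each second brings new one-packet UDP flows that are then abandoned."""
    table = StateTable({**GLOBAL_TIMEOUTS, "udp": udp_timeout})
    peak = 0
    for now in range(duration_s):
        table.expire(now)
        for i in range(flows_per_s):
            table.packet((now, i), "udp", now)
        peak = max(peak, len(table.entries))
    return peak

if __name__ == "__main__":
    for timeout in (50, 250):
        print(f"udp idle timeout {timeout:>3}s -> peak entries {peak_entries(timeout)}")
```

With identical traffic, the held entries grow in proportion to the timeout, which is the resource cost the caution describes.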

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Right-click a Firewall, IPS, or Layer 2 Firewall element, then select Edit <element type>.
  2. In the navigation pane on the left, browse to Advanced Settings > Idle Timeouts.
  3. Click the Timeout(s) column and enter the timeout value for the protocol in seconds.
  4. (Optional) Click Add to add a protocol to the list and enter the timeout for the protocol.
  5. Click Save and Refresh to transfer the configuration changes.

Engine Editor > Advanced Settings > Idle Timeouts

Use this branch to view and change the timeouts for removing idle connections from the state table, including non-TCP communications that are handled like connections.

Option: Timeouts table
Definition: Double-click the Timeout(s) cell to change the value. Click Add to add an element to the table, or Remove to remove the selected element. To set the selected protocols and values back to default settings, click Set to Default.