Solved

Cisco ASA Timeout Conn setting, what are the risks of lowering?

Posted on 2015-01-19
Last Modified: 2015-01-20
Have an ASA that is overutilized in general. Working on temporary measures to free up any resources/bandwidth on the box until new hardware arrives.

What is the danger of setting the Timeout Conn to say, 5, or 2 minutes? This FW is mostly used for web browsing traffic. I believe I read an article on increasing ASA performance suggesting to lower it to 2 minutes, which is the default for the FWSM module.

Thoughts?
Question by:LIBBB

Accepted Solution

by:
tolinrome earned 500 total points
ID: 40557880
This command will show you what all your timeouts are set for on the ASA:

(config)# show running-config | include timeout

Default for TCP connections (web traffic) for timeout is 1 hour. As long as you don't have an application that needs or expects idle connections (for example, an application to SQL database), it probably wouldn't have much impact at all on the firewall, depending on how many TCP connections, though of course it would free up resources. If you did have an application as mentioned that needed a timeout, you could create a policy map for it that will only enforce the idle time for that only, nothing else.

Make sure that your policy map global policy already isn't inspecting necessary traffic and causing unnecessary strain on the firewall.
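
Added example, not part of the original answer: one way to pair a lower global idle timeout with a per-application exception, as the answer describes. The ACL and class names, the addresses (documentation ranges) and the SQL port are hypothetical, and it assumes the default global_policy is applied and a software release that accepts the `idle` keyword.

```cisco
! Added example; all names and addresses below are hypothetical.
! Lower the global idle timeout for TCP connections (default 1:00:00).
timeout conn 0:05:00
!
! Match only the application that needs long-lived idle sessions
! (here: clients in 192.0.2.0/24 talking to a SQL server on tcp/1433).
access-list SQL_IDLE_ACL extended permit tcp 192.0.2.0 255.255.255.0 host 198.51.100.10 eq 1433
!
class-map SQL_IDLE_CLASS
 match access-list SQL_IDLE_ACL
!
! Add the class to the existing global policy; traffic that does not
! match the class keeps the global 5-minute idle timeout.
policy-map global_policy
 class SQL_IDLE_CLASS
  set connection timeout idle 1:00:00
!
! Verify the timeouts, the policy hit counts and the connection count.
show running-config timeout
show service-policy
show conn count
```

Comparing `show conn count` before and after the change shows how much of the connection table was held by idle sessions.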