  • Status: Solved

Cisco ASA Timeout Conn setting, what are the risks of lowering?

Have an ASA that is overutilized in general. Working on temporary measures to free up any resources/bandwidth on the box until new hardware arrives.

What is the danger of setting the Timeout Conn to, say, 5 or 2 minutes? This FW is mostly used for web browsing traffic. I believe I read an article on increasing ASA performance suggesting to lower it to 2 minutes, which is the default for the FWSM module.

Thoughts?
Asked:
LIBBB
1 Solution
 
tolinrome commented:
This command will show you what all your timeouts are set for on the ASA:

(config)# show running-config | include timeout

Default for TCP connections (web traffic) for timeout is 1 hour. As long as you don't have an application that needs or expects idle connections (for example, an application to SQL database), it probably wouldn't have much impact at all on the firewall, depending on how many TCP connections, of course, though it would free up resources. If you did have an application as mentioned that needed a timeout, you could create a policy map for it that will only enforce the idle time for that only, nothing else.

Make sure that your policy map global policy already isn't inspecting necessary traffic and causing unnecessary strain on the firewall.
Question has a verified solution.
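
The per-application exception described in the answer above, as an added example that is not part of the original thread: the global idle timeout is lowered while one class of traffic keeps a longer one through the Modular Policy Framework. The object names, the 192.0.2.10 server address and TCP port 1433 are placeholders, and the example assumes a software release that supports `set connection timeout idle` and that the default `global_policy` is applied globally.

```cisco
! Added example; names, address and port are placeholders, not from the thread.
! Lower the global idle timeout for TCP connections (default 1:00:00).
timeout conn 0:05:00
!
! Match only the application that holds idle connections open
! (assumed here: clients reaching a SQL server at 192.0.2.10 on TCP 1433).
access-list SQL_IDLE_ACL extended permit tcp any host 192.0.2.10 eq 1433
!
class-map SQL_IDLE_CLASS
 match access-list SQL_IDLE_ACL
!
! Give that class its own, longer idle timeout; all other TCP traffic
! keeps the 5-minute global value.
policy-map global_policy
 class SQL_IDLE_CLASS
  set connection timeout idle 1:00:00
!
! Assumes the default global policy is already applied:
!   service-policy global_policy global
!
! Check the result: configured timeouts, per-class policy, connection count.
show running-config timeout
show service-policy
show conn count
```

Comparing `show conn count` before and after the change shows how much of the connection table the shorter timeout actually frees.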
