History For Connection Settings - Cisco ASA Series Configuration Manual

History for Connection Settings

•
History for Connection Settings
Feature Name
TCP state bypass
Connection timeout for all protocols
Timeout for connections using a backup static
route
Configurable timeout for PAT xlate
Cisco ASA Series Firewall CLI Configuration Guide
16-18
show threat-detection statistics top tcp-intercept [all | detail]
View the top 10 protected servers under attack. The all keyword shows the history data of all the
traced servers. The detail keyword shows history sampling data. The ASA samples the number of
attacks 30 times during the rate interval, so for the default 30 minute period, statistics are collected
every 60 seconds.
Platform
Releases
8.2(1)
8.2(2)
8.2(5)/8.4(2)
8.4(3)
Description
This feature was introduced. The following command was
introduced: set connection advanced-options
tcp-state-bypass.
The idle timeout was changed to apply to all protocols, not
just TCP.
The following command was modified: set connection
timeout
When multiple static routes exist to a network with different
metrics, the ASA uses the one with the best metric at the
time of connection creation. If a better route becomes
available, then this timeout lets connections be closed so a
connection can be reestablished to use the better route. The
default is 0 (the connection never times out). To take
advantage of this feature, change the timeout to a new value.
We modified the following command: timeout
floating-conn.
When a PAT xlate times out (by default after 30 seconds),
and the ASA reuses the port for a new translation, some
upstream routers might reject the new connection because
the previous connection might still be open on the upstream
device. The PAT xlate timeout is now configurable, to a
value between 30 seconds and 5 minutes.
We introduced the following command: timeout pat-xlate.
This feature is not available in 8.5(1) or 8.6(1).
Chapter 16 Connection Settings