Configuring Timeouts For Sessions; Setting The Timeout For A Protocol - HP 7102dl - ProCurve Secure Router Configuration Manual

ProCurve Secure Router OS Firewall—Protecting the Internal, Trusted Network

Configuring Timeouts for Sessions

As well as screening TCP and UDP packets for attacks, the Secure Router OS
firewall monitors all ICMP, TCP, and UDP sessions established through the
router. One of the advantages of a stateful-inspection firewall is that it moni-
tors sessions to ensure that they proceed in a valid and logical fashion. To
maintain secure sessions, the firewall times them out after a specified amount
of time. The timeout interval is the amount of time the router will keep a
session open without the hosts exchanging data.
The Secure Router OS firewall also monitors authentication header (AH) and
encapsulating security payload (ESP) sessions, which are used with IPSec to
establish a secure virtual private network (VPN). The firewall can also monitor
generic routing encapsulation (GRE) sessions which are established between
tunnel interfaces on remote routers.
By default, the Secure Router OS firewall times out:
AH sessions after 60 seconds
ESP sessions after 60 seconds
GRE sessions after 60 seconds
ICMP sessions after 60 seconds
TCP sessions after 600 seconds (10 minutes)
UDP sessions after 60 seconds
You can alter these default timeout intervals. You can also set different
timeouts for various TCP and UDP applications. For example, you can have
Telnet sessions time out after one minute, while Web sessions time out after
twelve minutes have passed.

Setting the Timeout for a Protocol

The timeout interval for AH, ESP, GRE, and ICMP is the timeout interval for
all sessions that use that protocol.
The timeout interval for TCP and for UDP is the global timeout interval. That
is, the interval applies to all applications for which you have not configured a
different interval.
Configuring Timeouts for Sessions
4-21