Setting Timeouts For Specific Tcp And Udp Applications - HP 7102dl - ProCurve Secure Router Configuration Manual

ProCurve Secure Router OS Firewall—Protecting the Internal, Trusted Network
Configuring Timeouts for Sessions
4-22
The default settings for these timeouts are usually adequate. However, you
can alter them in accordance with your organization's policies with this
command:
Syntax: ip policy-timeout [ahp | esp | gre | icmp] <seconds>
Syntax: ip policy-timeout [tcp | udp] all-ports <seconds>
The timeout interval can range from 0 to 4,294,967,295 seconds. If you set the
timeout to 0, sessions will never timeout. For TCP and UDP, you must add the
all-ports keyword to specify that this interval is the default timeout for all
applications.
For example, enter commands such as:
ProCurve(config)# ip policy-timeout tcp all-ports 450
ProCurve(config)# ip policy-timeout icmp 120
You can also set a timeout interval for any RTP session. See "Enabling Firewall
Traversal" on page 4-20.
Setting Timeouts for Specific TCP and UDP
Applications
You can set different timeout intervals for various TCP or UDP applications
by specifying the protocol port of the application.
For example, you can configure the firewall to override the TCP timeout
interval and time out Telnet sessions after only one minute. You enter the same
command used to set the TCP timeout interval, but you add the port number
for the specific application:
Syntax: ip policy-timeout [tcp | udp] [all-ports | <port> | range <first port> <last port>]
<seconds>
You can enter port numbers from 0 to 65,535. (The range for seconds is the
same as for the global TCP and UDP commands.) For example, Telnet's TCP
port number is 23. You can configure a Telnet session to time out after a
minute:
ProCurve(config)# ip policy-timeout tcp 23 60
The CLI allows you to enter a keyword instead of a port number for many well-
known applications including Telnet, HTTP, Secure Shell, DNS, and Simple
Mail Transfer Protocol (SMTP).