TMS zl Management and Configuration Guide ST.1.0.090213

Firewall
Connection Timeouts
In addition to screening TCP and UDP packets for attacks, the TMS zl Module
monitors all ICMP, TCP, and UDP sessions. One advantage of a stateful firewall
is that it tracks each session and checks that it proceeds in a valid and
logical order. To keep sessions secure, the firewall times out inactive
sessions after a specified interval. This helps mitigate flooding attacks:
abandoned or never-completed connections are removed from the session table
instead of holding an entry (and the server resources behind it) indefinitely.
The timeout interval is the length of time the firewall keeps a session open
without the two devices exchanging data; any packet in the session restarts
the idle clock.
By default, the TMS zl Module terminates inactive sessions as follows:
TCP sessions after 600 seconds
UDP sessions after 60 seconds
ICMP sessions after 60 seconds
TCP handshakes (three-way handshake not yet completed) after 30 seconds
TCP resets (a RST has been seen) after 0 seconds, that is, immediately
The TMS zl Module also ships with the following custom timeouts:
ftpinac (inactive FTP) — 600 seconds
hainac (inactive high availability) — 60,000 seconds (the guide also gives this as 3.5 days, which would be about 302,400 seconds; check the value configured on your module)
dnsinac (inactive DNS) — 120 seconds
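To make the behavior of these inactivity timers concrete, the following is an added example (written for this page, not code from the TMS zl Module or its guide) that models a stateful session table using the default and custom timeouts listed above. The session key, the state transitions, the rule that a non-SYN first packet is dropped, and the assumption that ftpinac and dnsinac are keyed by destination ports 21 and 53 are all this example's own; the traffic it processes is constructed. It shows why a 30-second handshake timeout bounds a SYN flood while a legitimate established session stays up, and why a 0-second reset timeout removes an entry at the very next sweep.

```python
from dataclasses import dataclass

# Default inactivity timeouts (seconds) as listed in the guide.
DEFAULT_TIMEOUTS = {
    "tcp": 600,            # established TCP session
    "udp": 60,
    "icmp": 60,
    "tcp-handshake": 30,   # SYN seen, three-way handshake not yet complete
    "tcp-reset": 0,        # RST seen: entry is dropped at the next sweep
}

# Custom service timeouts shipped with the module. Keying them by the
# initiator's destination port is this example's assumption; the guide names
# the services, not the ports.
CUSTOM_TIMEOUTS = {
    ("tcp", 21): ("ftpinac", 600),
    ("udp", 53): ("dnsinac", 120),
}


@dataclass
class Session:
    service: tuple    # (proto, destination port chosen by the initiator)
    state: str        # "tcp-handshake", "tcp", "tcp-reset", "udp" or "icmp"
    last_seen: float  # time of the most recent packet in either direction

    @property
    def profile(self):
        """(name, timeout) currently governing this session."""
        if self.state in ("tcp-handshake", "tcp-reset"):
            return self.state, DEFAULT_TIMEOUTS[self.state]
        proto = self.service[0]
        return CUSTOM_TIMEOUTS.get(self.service, (proto, DEFAULT_TIMEOUTS[proto]))


def _key(proto, src, sport, dst, dport):
    # Direction-independent key so that replies refresh the same entry.
    a, b = (src, sport), (dst, dport)
    return (proto,) + (a + b if a <= b else b + a)


def observe(table, now, proto, src, sport, dst, dport, flags=()):
    """Record one packet; return its session, or None if the packet is dropped."""
    key = _key(proto, src, sport, dst, dport)
    sess = table.get(key)
    if sess is None:
        if proto == "tcp" and "SYN" not in flags:
            return None  # stateful rule: a TCP session must start with a SYN
        state = "tcp-handshake" if proto == "tcp" else proto
        sess = table[key] = Session((proto, dport), state, now)
    if proto == "tcp":
        if "RST" in flags:
            sess.state = "tcp-reset"
        elif sess.state == "tcp-handshake" and "ACK" in flags and "SYN" not in flags:
            sess.state = "tcp"  # final ACK of the three-way handshake
    sess.last_seen = now        # any packet restarts the idle clock
    return sess


def expire(table, now):
    """Remove sessions idle for at least their timeout; return the removed keys."""
    dead = [k for k, s in table.items() if now - s.last_seen >= s.profile[1]]
    for k in dead:
        del table[k]
    return dead


def syn_flood_demo():
    """Constructed traffic: 1000 spoofed SYNs that never complete, plus one real
    client that completes its handshake and sends data later. Returns the table
    size before and after each sweep."""
    table = {}
    for i in range(1000):
        observe(table, 0, "tcp", f"198.51.100.{i % 250}", 1024 + i, "10.0.0.5", 80, {"SYN"})
    observe(table, 0.0, "tcp", "10.0.0.9", 40000, "10.0.0.5", 80, {"SYN"})
    observe(table, 0.1, "tcp", "10.0.0.5", 80, "10.0.0.9", 40000, {"SYN", "ACK"})
    observe(table, 0.2, "tcp", "10.0.0.9", 40000, "10.0.0.5", 80, {"ACK"})
    before = len(table)
    expire(table, 29); at_29 = len(table)       # handshake timer not yet reached
    expire(table, 30); at_30 = len(table)       # half-open entries dropped at 30 s
    observe(table, 500, "tcp", "10.0.0.9", 40000, "10.0.0.5", 80, {"ACK"})
    expire(table, 1099); at_1099 = len(table)   # 599 s idle: still under 600
    expire(table, 1100); at_1100 = len(table)   # 600 s idle: established session gone
    return before, at_29, at_30, at_1099, at_1100


def reset_and_custom_demo():
    """Per-service profiles and the immediate effect of a RST."""
    table = {}
    dns = observe(table, 0, "udp", "10.0.0.9", 5353, "10.0.0.53", 53)
    ftp = observe(table, 0, "tcp", "10.0.0.9", 40001, "10.0.0.5", 21, {"SYN"})
    observe(table, 0, "tcp", "10.0.0.9", 40001, "10.0.0.5", 21, {"ACK"})
    profiles = {"dns": dns.profile, "ftp": ftp.profile}
    observe(table, 5, "tcp", "10.0.0.5", 21, "10.0.0.9", 40001, {"RST"})
    removed = expire(table, 5)  # reset entry goes in the same instant; DNS survives
    return profiles, len(removed), len(table)


if __name__ == "__main__":
    print(syn_flood_demo())
    print(reset_and_custom_demo())
```

The sweep uses `>=`, so a 0-second timeout removes the entry at the first sweep on or after the RST, which is the closest a periodic sweep can get to "immediately"; a real module would typically free the entry inline when the RST is processed.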
The TMS zl Module allows you to change these timeout settings and to define
timeouts for other services used on your network. Some factors to consider
when setting the timeouts are:
Network latency
For networks with high latency, short timeout settings may interrupt
sessions that are waiting for acknowledgement. This may frustrate the
work of a user whose connection is already slow.
Trust level
Long, intermittent idle periods may be common among some trusted users, and
imposing a short timeout could hamper their productivity. Nonetheless,
setting a long timeout for all users is a considerable security risk: idle
and abandoned sessions keep occupying session-table entries and server
resources for the whole interval.