TMS zl Management and Configuration Guide ST.1.2.100916

Connection Timeouts
In addition to screening TCP and UDP packets for attacks, the TMS zl Module
monitors all ICMP, TCP, and UDP sessions. One of the advantages of a stateful
firewall is that it monitors sessions to ensure that they proceed in a valid and
logical fashion. To maintain secure sessions, the firewall times out inactive
sessions after a specified interval. This helps mitigate the effects of flooding
attacks by allowing the server to withdraw service from abandoned connections.
The timeout interval is the amount of time the firewall keeps a session open
without the devices exchanging data.
By default, the TMS zl Module terminates inactive sessions as follows:
TCP sessions after 600 seconds
UDP sessions after 60 seconds
ICMP sessions after 60 seconds
TCP Handshakes after 30 seconds
TCP Resets after 0 seconds
You can alter these timeout settings (see “Configure Timeout Settings for
Sessions” on page 4-114.)
Additionally, the TMS zl Module allows you to configure custom timeout
settings for specific TCP or UDP services used on your network. The settings
for the specific service take precedence over the setting for the protocol. (See
“Configure Timeout Settings for Services” on page 4-115.) The TMS zl Module
ships with the following custom timeouts:
ftpinac (inactive FTP) — 600 seconds
hainac (inactive high availability) — 60,000 seconds (3.5 days)
dnsinac (inactive DNS) — 120 seconds
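As an added illustration (not code from the guide or from the TMS zl Module), the following simplified session table in Python applies the rules described above: a service-specific timeout takes precedence over the protocol-level one, the TCP handshake and reset states use their own limits, and any packet in either direction restarts the idle clock. Mapping ftpinac and dnsinac to TCP port 21 and port 53 is an assumption; hainac is omitted because the guide does not state which port it uses.

```python
"""Simplified stateful session table illustrating the idle-timeout rules.
Constructed example; not TMS zl Module code."""
from dataclasses import dataclass

# Protocol-level defaults stated in the guide (seconds).
PROTOCOL_TIMEOUTS = {"tcp": 600, "udp": 60, "icmp": 60}
# TCP state-specific defaults stated in the guide (seconds).
TCP_HANDSHAKE_TIMEOUT = 30
TCP_RESET_TIMEOUT = 0
# Service-specific overrides shipped with the module.  The (proto, port)
# keys are an assumption; hainac is omitted because its port is not stated.
SERVICE_TIMEOUTS = {("tcp", 21): 600,   # ftpinac
                    ("udp", 53): 120,   # dnsinac
                    ("tcp", 53): 120}   # dnsinac


def idle_timeout(proto, dst_port, state="established"):
    """Return the idle timeout (seconds) that applies to a session.
    TCP handshake and reset states use their own limits; otherwise a
    service-specific setting takes precedence over the protocol setting."""
    if proto == "tcp" and state == "handshake":
        return TCP_HANDSHAKE_TIMEOUT
    if proto == "tcp" and state == "reset":
        return TCP_RESET_TIMEOUT
    return SERVICE_TIMEOUTS.get((proto, dst_port), PROTOCOL_TIMEOUTS[proto])


@dataclass
class Session:
    state: str
    last_seen: float   # time of the last packet in either direction


class SessionTable:
    def __init__(self):
        self.sessions = {}   # (proto, src, dst, dst_port) -> Session

    def packet(self, proto, src, dst, dst_port, now, state="established"):
        """Create or refresh a session; any packet restarts the idle clock."""
        self.sessions[(proto, src, dst, dst_port)] = Session(state, now)

    def expire(self, now):
        """Drop sessions idle for at least their timeout; return dropped keys."""
        dropped = []
        for key, sess in list(self.sessions.items()):
            proto, _, _, dst_port = key
            if now - sess.last_seen >= idle_timeout(proto, dst_port, sess.state):
                dropped.append(key)
                del self.sessions[key]
        return dropped
```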
Some factors to consider when setting the timeouts are:
Network latency
For networks with high latency, short timeout settings may interrupt
sessions that are waiting for acknowledgement. This may frustrate the
work of a user whose connection is already slow.