
Hyperscale Firewall Guide

Hyperscale firewall VDOM session timeouts

Use the following command to define session timeouts for specific protocols and port ranges in a hyperscale firewall VDOM. These session timeouts apply only to sessions processed by that hyperscale firewall VDOM, so each hyperscale firewall VDOM can have its own set of session timeouts.

config vdom
    edit <hyperscale-firewall-vdom-name>
        config system session-ttl
            config port
                edit 1
                    set protocol <protocol-number>
                    set timeout <timeout>
                    set refresh-direction {outgoing | incoming | both}
                end
        end
    end
end

protocol <protocol-number>: the IP protocol number to match, in the range 0 to 255. Default 0.

timeout <timeout>: the time in seconds after which a matching idle session is terminated. Range 1 to 2764800. Default 300. Use this option to set very low timeout values for protocols with very short session lifetimes, such as DNS or ICMP. Low timeouts for these sessions reduce hyperscale VDOM session overhead. For more information, see Reducing the number of DNS and ICMP sessions.

You cannot set the timeout for TCP sessions (protocol 6) to less than 300 seconds. A timeout lower than 300 for protocol 6 is discarded by the CLI.

refresh-direction {outgoing | incoming | both}: controls whether idle outgoing sessions, idle incoming sessions, or both are terminated when the timeout is reached.

Note: Global session timeouts apply to sessions in hyperscale firewall VDOMs that do not match the config system session-ttl settings in the individual hyperscale firewall VDOM.
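Because the CLI silently discards a TCP timeout below 300 seconds, it is useful to check a session-ttl block against the limits above before pushing it. The following added example (not Fortinet code) parses a FortiOS-style config port block and reports entries that violate the documented protocol range, timeout range, TCP minimum, and refresh-direction values; the sample CLI text, the parser and the validate_entries function are constructed for illustration.

```python
import re

PROTOCOL_RANGE = (0, 255)           # protocol <protocol-number>
TIMEOUT_RANGE = (1, 2764800)        # timeout <timeout>, seconds
TCP_MIN_TIMEOUT = 300               # protocol 6 values below this are discarded by the CLI
REFRESH_DIRECTIONS = {"outgoing", "incoming", "both"}

def parse_port_entries(cli_text):
    """Parse 'edit N ... next' blocks into dicts; unset options keep the documented defaults.
    refresh-direction has no default on the page, so it stays None when not set."""
    entries, current = {}, None
    for raw in cli_text.splitlines():
        line = raw.strip()
        if m := re.match(r"edit (\d+)$", line):
            current = {"protocol": 0, "timeout": 300, "refresh-direction": None}
            entries[int(m.group(1))] = current
        elif current is not None and (m := re.match(r"set (\S+) (\S+)$", line)):
            key, value = m.groups()
            current[key] = int(value) if key in ("protocol", "timeout") else value
        elif line in ("next", "end"):
            current = None
    return entries

def validate_entries(entries):
    """Return (entry_id, message) findings; an empty list means the block is clean."""
    findings = []
    for eid, e in entries.items():
        p, t, d = e["protocol"], e["timeout"], e["refresh-direction"]
        if not PROTOCOL_RANGE[0] <= p <= PROTOCOL_RANGE[1]:
            findings.append((eid, f"protocol {p} outside 0-255"))
        if not TIMEOUT_RANGE[0] <= t <= TIMEOUT_RANGE[1]:
            findings.append((eid, f"timeout {t} outside 1-2764800"))
        elif p == 6 and t < TCP_MIN_TIMEOUT:
            findings.append((eid, f"TCP timeout {t} below 300 would be discarded by the CLI"))
        if d is not None and d not in REFRESH_DIRECTIONS:
            findings.append((eid, f"refresh-direction '{d}' not one of outgoing|incoming|both"))
    return findings

# Constructed sample: short timeouts for DNS (UDP, protocol 17) and ICMP (protocol 1),
# plus a TCP entry that breaks the 300 second minimum so the check has something to report.
SAMPLE_CLI = """\
config system session-ttl
    config port
        edit 1
            set protocol 17
            set timeout 10
            set refresh-direction both
        next
        edit 2
            set protocol 1
            set timeout 5
        next
        edit 3
            set protocol 6
            set timeout 60
        next
    end
end
"""

if __name__ == "__main__":
    for eid, msg in validate_entries(parse_port_entries(SAMPLE_CLI)):
        print(f"edit {eid}: {msg}")
```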
