Default Session Timer Values

The session timer profile applies the timeout values to Tier-0 or Tier-1 router interfaces or groups containing segments, segment-ports, tags, or any other non-IP based groups. The timeout values decide how long a protocol session remains active after the session closes.

Session Timer Values

  • Default Timer Profile shown with API and UI applies only to distributed firewall (DFW).
  • Gateway Firewall (GFW) default session timers are different than the default timer profile seen when using API and UI. GFW default session timers are optimized for North-South traffic, and some of them are lower than minimum configurable values by default.
  • Firewall session timers can be changed for both DFW and GFW by using the API and UI.
  • The same non-default timer profile can be applied to both DFW and GWF, if needed.
If you do not customize timer values, the gateway takes default values. Gateway firewall default timer values:
Timer Property
Edge Default (secs)
Minimum (secs)
Maximum (secs)
ICMP Error Reply
6
10
4320000
ICMP First Packet
6
10
4320000
TCP Closed
2
10
4320000
TCP Closing
900
10
4320000
TCP Established
7200
120
4320000
TCP Fin-wait
4
10
4320000
TCP First Packet
120
10
4320000
TCP Opening
30
10
4320000
UDP First Packet
30
10
4320000
UDP Multiple
30
10
4320000
UDP Single
30
10
4320000
Distributed firewall default session timer values:
Timer Property
DFW Default (secs)
Minimum (secs)
Maximum (secs)
ICMP Error Reply
10
10
4320000
ICMP First Packet
20
10
4320000
TCP Closed
20
10
4320000
TCP Closing
120
10
4320000
TCP Established
43200
120
4320000
TCP Fin-wait
45
10
4320000
TCP First Packet
120
10
4320000
TCP Opening
30
10
4320000
UDP First Packet
60
10
4320000
UDP Multiple
60
10
4320000
UDP Single
30
10
4320000