Default Session Timer Values
The session timer profile applies the timeout values to Tier-0 or Tier-1 router
interfaces or groups containing segments, segment-ports, tags, or any other non-IP based
groups. The timeout values decide how long a protocol session remains
active after the session closes.
Session Timer Values
- Default Timer Profile shown with API and UI applies only to distributed firewall (DFW).
- Gateway Firewall (GFW) default session timers are different than the default timer profile seen when using API and UI. GFW default session timers are optimized for North-South traffic, and some of them are lower than minimum configurable values by default.
- Firewall session timers can be changed for both DFW and GFW by using the API and UI.
- The same non-default timer profile can be applied to both DFW and GWF, if needed.
If you do not customize timer values, the gateway takes default values. Gateway
firewall default timer values:
Timer Property | Edge Default (secs) | Minimum (secs) | Maximum (secs) |
|---|---|---|---|
ICMP Error Reply | 6 | 10 | 4320000 |
ICMP First Packet | 6 | 10 | 4320000 |
TCP Closed | 2 | 10 | 4320000 |
TCP Closing | 900 | 10 | 4320000 |
TCP Established | 7200 | 120 | 4320000 |
TCP Fin-wait | 4 | 10 | 4320000 |
TCP First Packet | 120 | 10 | 4320000 |
TCP Opening | 30 | 10 | 4320000 |
UDP First Packet | 30 | 10 | 4320000 |
UDP Multiple | 30 | 10 | 4320000 |
UDP Single | 30 | 10 | 4320000 |
Distributed firewall default session
timer values:
Timer Property | DFW Default (secs) | Minimum (secs) | Maximum (secs) |
|---|---|---|---|
ICMP Error Reply | 10 | 10 | 4320000 |
ICMP First Packet | 20 | 10 | 4320000 |
TCP Closed | 20 | 10 | 4320000 |
TCP Closing | 120 | 10 | 4320000 |
TCP Established | 43200 | 120 | 4320000 |
TCP Fin-wait | 45 | 10 | 4320000 |
TCP First Packet | 120 | 10 | 4320000 |
TCP Opening | 30 | 10 | 4320000 |
UDP First Packet | 60 | 10 | 4320000 |
UDP Multiple | 60 | 10 | 4320000 |
UDP Single | 30 | 10 | 4320000 |