Cisco ASA Series Firewall CLI Configuration Guide
Chapter 11 Connection Settings
History for Connection Settings
| Feature Name | Platform Releases | Description |
|---|---|---|
| TCP state bypass | 8.2(1) | This feature was introduced. The following command was introduced: set connection advanced-options tcp-state-bypass. |
| Connection timeout for all protocols | 8.2(2) | The idle timeout was changed to apply to all protocols, not just TCP. The following command was modified: set connection timeout. |
| Timeout for connections using a backup static route | 8.2(5)/8.4(2) | When multiple static routes exist to a network with different metrics, the ASA uses the one with the best metric at the time of connection creation. If a better route becomes available, then this timeout lets connections be closed so a connection can be reestablished to use the better route. The default is 0 (the connection never times out). To take advantage of this feature, change the timeout to a new value. We modified the following command: timeout floating-conn. |
| Configurable timeout for PAT xlate | 8.4(3) | When a PAT xlate times out (by default after 30 seconds), and the ASA reuses the port for a new translation, some upstream routers might reject the new connection because the previous connection might still be open on the upstream device. The PAT xlate timeout is now configurable, to a value between 30 seconds and 5 minutes. We introduced the following command: timeout pat-xlate. This feature is not available in 8.5(1) or 8.6(1). |
| Increased maximum connection limits for service policy rules | 9.0(1) | The maximum number of connections for service policy rules was increased from 65535 to 2000000. We modified the following commands: set connection conn-max, set connection embryonic-conn-max, set connection per-client-embryonic-max, set connection per-client-max. |
| Decreased the half-closed timeout minimum value to 30 seconds | 9.1(2) | The half-closed timeout minimum value for both the global timeout and connection timeout was lowered from 5 minutes to 30 seconds to provide better DoS protection. We modified the following commands: set connection timeout half-closed, timeout half-closed. |