Firewall Configuration
Using Other Tools to Control Access to the Internet
Cisco SA 500 Series Security Appliances Administration Guide
• TCP Session Timeout Duration (seconds): Inactive TCP sessions are removed from the session table after this duration. Most TCP sessions terminate normally when the RST or FIN flags are detected. This value can range between 0 and 4,294,967 seconds. The default is 1,800 seconds (30 minutes).
• UDP Session Timeout Duration (seconds): Inactive UDP sessions are removed from the session table after this duration. This value can range between 0 and 4,294,967 seconds. The default is 120 seconds (2 minutes).
• Other Session Timeout Duration (seconds): Inactive non-TCP/UDP sessions are removed from the session table after this duration. This value can range between 0 and 4,294,967 seconds. The default is 60 seconds.
• TCP Session Cleanup Latency (seconds): Maximum time for a session to remain in the session table after detecting both FIN flags. This value can range between 0 and 4,294,967 seconds. The default is 10 seconds.
STEP 3 Click Apply to save your settings, or click Reset to revert to the saved settings.
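The following Python model is an added example, not part of the Cisco guide or the appliance's own code. It applies the four timeout settings above, at their default values, to a constructed session table and reports when each entry would be removed. The function names, the packet tuple format, and the choice to keep an entry at the exact boundary second are assumptions.

```python
# Added model of the timeout fields described above; not appliance code.
DEFAULTS = {"tcp": 1800, "udp": 120, "other": 60, "tcp_cleanup": 10}  # page defaults
MAX_SECONDS = 4_294_967  # upper bound the guide gives for every field


def validate(cfg):
    """Reject any setting outside the documented 0..4,294,967 range."""
    for name, value in cfg.items():
        if type(value) is not int or not 0 <= value <= MAX_SECONDS:
            raise ValueError(f"{name}={value!r} is outside 0..{MAX_SECONDS}")
    return cfg


def removal_time(proto, packets, cfg=DEFAULTS):
    """When the modelled table drops one session.

    packets: time-ordered (seconds, direction, fin_flag) tuples (assumed format).
    """
    validate(cfg)
    idle = cfg[proto if proto in ("tcp", "udp") else "other"]
    fin_dirs, last_seen = set(), packets[0][0]
    for t, direction, fin in packets:
        if t - last_seen > idle:
            break  # entry already aged out; this packet would open a new session
        last_seen = t
        if proto == "tcp" and fin:
            fin_dirs.add(direction)
            if len(fin_dirs) == 2:  # both FINs seen: only the cleanup latency remains
                return t + cfg["tcp_cleanup"]
    return last_seen + idle


def live_at(sessions, now, cfg=DEFAULTS):
    """Names of sessions still in the table at time `now`."""
    return sorted(n for n, (proto, pk) in sessions.items()
                  if removal_time(proto, pk, cfg) > now)


# Constructed sample traffic: name -> (protocol, packets).
SAMPLE = {
    "web": ("tcp", [(0, "out", False), (1, "in", False), (5, "out", True), (6, "in", True)]),
    "ssh-idle": ("tcp", [(0, "out", False), (2, "in", False)]),  # never closed
    "dns": ("udp", [(3, "out", False), (3, "in", False)]),
    "ping": ("icmp", [(4, "out", False), (4, "in", False)]),
}

if __name__ == "__main__":
    for name, (proto, pk) in SAMPLE.items():
        print(f"{name:9} removed at t={removal_time(proto, pk)}s")
    print("live at t=100:", live_at(SAMPLE, 100))
```

With the defaults, the cleanly closed TCP session leaves the table 10 seconds after its second FIN, while the TCP session that never sends a FIN holds its entry for the full 1,800 seconds of inactivity.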
Using Other Tools to Control Access to the Internet
The gateway offers standard web filtering options that let the administrator easily create Internet access policies between the secure LAN and the insecure WAN. Instead of basing policies on the type of traffic (as firewall rules do), the web-based content itself can be used to determine whether traffic is allowed or dropped.
Refer to the following topics:
• Configuring Content Filtering to Allow or Block Web Components, page 143
• Configuring Approved URLs to Allow Access to Websites, page 144
• Configuring Blocked URLs to Prevent Access to Websites, page 145
• Configuring IP/MAC Binding to Prevent Spoofing, page 146