You want to change the session timeout value for a service.
You can change the session timeout value on predefined as well as custom-defined services. You can modify the timeout value of a predefined service, such as HTTP, as follows:
set service http timeout 15
This configuration changes the service timeout for HTTP to 15 minutes from the default value of five minutes.
Similarly, you can modify the timeout value of a custom-defined service, such as Lotus_Notes, to 45 minutes:
set service Lotus_Notes timeout 45
In addition to using the set service command, you have to reference the particular service with the modified timeout in a firewall policy by its specific service name for this new timeout to take effect.
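One way to check this requirement against a saved configuration, as an added example that is not from the original text: the script below lists services whose timeout was changed but which no policy references by name. The sample configuration is constructed, and the quoted policy-line layout, the `set policy id N` ... `exit` context form, and the case-insensitive name matching are assumptions about how the configuration is written.

```python
import shlex

# Constructed sample config (not from the page). Policy lines are assumed to
# follow: set policy id N from <zone> to <zone> <src> <dst> <service> <action>
SAMPLE_CONFIG = '''
set service "Lotus_Notes" protocol tcp src-port 0-65535 dst-port 1352-1352
set service "HTTP" timeout 15
set service "Lotus_Notes" timeout 45
set policy id 1 from "Trust" to "Untrust" "Any" "Any" "HTTP" permit
set policy id 2 from "Trust" to "DMZ" "Any" "Any" "ANY" permit
'''

def audit_service_timeouts(config_text):
    """Return (timeouts, unreferenced): every modified service timeout, and the
    services whose new timeout is not referenced by name in any policy."""
    timeouts = {}        # lowercased service name -> timeout in minutes
    referenced = set()   # lowercased service names used by policies
    in_policy = False    # True while inside a 'set policy id N' context
    for line in config_text.splitlines():
        try:
            tok = shlex.split(line)
        except ValueError:
            continue     # skip lines with unbalanced quotes
        if not tok:
            continue
        if tok == ["exit"]:
            in_policy = False
        elif tok[:2] == ["set", "policy"]:
            if "from" in tok and "to" in tok:
                j = tok.index("to")
                # to, zone, src, dst, service -> service sits at j + 4
                if len(tok) > j + 4:
                    referenced.add(tok[j + 4].lower())
            else:
                in_policy = True   # assumed form: extra services follow
        elif tok[:2] == ["set", "service"] and len(tok) >= 3:
            if in_policy and len(tok) == 3:
                referenced.add(tok[2].lower())
            elif len(tok) == 5 and tok[3] == "timeout" and tok[4].isdigit():
                timeouts[tok[2].lower()] = int(tok[4])
    unreferenced = sorted(s for s in timeouts if s not in referenced)
    return timeouts, unreferenced

if __name__ == "__main__":
    changed, missing = audit_service_timeouts(SAMPLE_CONFIG)
    for name in missing:
        print(f"{name}: timeout {changed[name]} min set, but no policy names it")
```

In the sample, policy 2 permits the traffic through ANY, so the 45-minute Lotus_Notes timeout is reported as not referenced by name.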
The timeout value of a service represents the amount of time that can elapse with no packets transmitted while the session is maintained in the firewall session table.
Certain applications, such as web servers, rapidly close out a TCP connection by sending a TCP segment with the RST flag set after serving up a response to an HTTP request. ScreenOS gateways purge the session from the session table upon seeing a TCP FIN or a TCP RST, which signifies the end of the communication. Other applications deliberately keep a communication channel open by periodically sending application-specific keepalive messages. Finally, some applications do not explicitly close out a TCP connection by negotiating a ...