[unisog] Border Firewall Session Timeout Settings

Joshua Thomas thomasj4+unisog at oak.cats.ohiou.edu
Tue Oct 31 18:35:51 GMT 2006


We're in the process of deploying a firewall at our network border and are 
attempting to tune session timeout values, such as TCP handshake timeout, 
idle session timeout, and service timeouts, in order to minimize impact to 
ongoing operations while protecting against DoS conditions.

We're under an implementation timetable crunch, so we don't have a big 
window for analysis of our traffic to determine the right settings.  We're 
looking for advice from someone who's been down this path before.  Anyone 
have "common practice" timeout settings they're willing to share?  We're 
using Juniper - anyone have experience with their defaults?

Joshua Thomas, CISSP
Interim CISO
Ohio University
E-Mail: thomasj4 at ohio.edu


More information about the unisog mailing list