[unisog] Border Firewall Session Timeout Settings

Allen Rueter allen at z6.cts.wustl.edu
Tue Oct 31 19:55:59 GMT 2006


Josh,
	The only one we had to up was for ssh; it's set to 9 hours.
All the rest on our Lucent Brick are 5 minutes or less.

Allen


On Tue, Oct 31, 2006 at 01:35:51PM -0500, Joshua Thomas wrote:
> Hi,
> 
> We're in the process of deploying a firewall at our network border and are 
> attempting to tune session timeout values, such as TCP handshake timeout, 
> idle session timeout, and service timeouts, in order to minimize impact to 
> ongoing operations while protecting against DoS conditions.
> 
> We're under an implementation timetable crunch, so we don't have a big 
> window for analysis of our traffic to determine the right settings.  We're 
> looking for advice from someone who's been down this path before.  Anyone 
> have "common practice" timeout settings they're willing to share?  We're 
> using Juniper - anyone have experience with their defaults?
> 
> Thanks,
> Josh
> -----------------------------
> Joshua Thomas, CISSP
> Interim CISO
> Ohio University
> E-Mail: thomasj4 at ohio.edu
> -----------------------------

-- 

Allen P. Rueter              314/935-6429 Fx:314/935-7302
Director of CTS              allen at cts.wustl.edu
Camp Box 1045 Bryan Rm 509     ___ ___ ___
Washington University         / __|_ _/ __|
One Brookings Dr.            | (__ | |\__ \
St. Louis MO  63130           \____|_|____/
Office: 406B Lopata


