Session timers define how long a session is maintained on the firewall after the session becomes inactive.

On the firewall, you can define timeouts for TCP, UDP, and ICMP sessions for a set of user-defined VMs or vNICs. The default timer is global, meaning that it applies to all virtual machines protected by the firewall.

Procedure

  1. Navigate to Timeout Settings.
    • In NSX 6.4.1 and later, navigate to Networking & Security > Security > Firewall Settings > Timeout Settings.
    • In NSX 6.4.0, navigate to Networking & Security > Security > Firewall > Settings.
  2. If there is more than one NSX Manager available, select one from the drop-down list.
  3. Click the Add icon.
  4. Enter a name (required) and a description (optional) for the session timer.
  5. Select the protocol. Accept the default values or enter your own values.
    TCP Variables   Description
    First Packet    The timeout value for the connection after the first packet has been sent. The default is 120 seconds.
    Closing         The timeout value for the connection after the first FIN has been sent. The default is 120 seconds.
    Open            The timeout value for the connection after a second packet has been transferred. The default is 30 seconds.
    Fin Wait        The timeout value for the connection after both FINs have been exchanged and the connection is closed. The default is 45 seconds.
    Established     The timeout value for the connection once the connection has become fully established.
    Closed          The timeout value for the connection after one endpoint sends an RST. The default is 20 seconds.

    UDP Variables   Description
    First Packet    The timeout value for the connection after the first packet is sent. This will be the initial timeout for the new UDP flow. The default is 60 seconds.
    Single          The timeout value for the connection if the source host sends more than one packet and the destination host has not sent one back. The default is 30 seconds.
    Multiple        The timeout value for the connection if both hosts have sent packets. The default is 60 seconds.

    ICMP Variables  Description
    First Packet    The timeout value for the connection after the first packet is sent. This is the initial timeout for the new ICMP flow. The default is 20 seconds.
    Error reply     The timeout value for the connection after an ICMP error is returned in response to an ICMP packet. The default is 10 seconds.
  6. In NSX 6.1 and later, click Next.
  7. Select the object type, vNIC or VM.
    The Available Objects list is automatically populated.
  8. Select one or more objects and click the arrow to move them to the Selected Objects column.
  9. Click OK or Finish.

Results

A timer has been created that applies to a set of user-defined hosts.
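
To see how the three UDP variables in step 5 interact, the following added example (not VMware code, and not how NSX implements its state table) traces one flow through the First Packet, Single, and Multiple timers using the defaults listed above. The function name, host names, packet times, and the rule that a flow counts as expired when idle time reaches the timeout are assumptions made for this simplified model.

```python
# Simplified model of the UDP session timers described in step 5.
# Defaults (seconds) are the ones listed in the UDP table on this page.
UDP_DEFAULTS = {"first_packet": 60, "single": 30, "multiple": 60}

# Constructed sample traffic: (time in seconds, sending host).
SAMPLE_PACKETS = [
    (0, "client"), (5, "client"), (40, "client"),
    (41, "server"), (90, "client"), (200, "server"),
]


def trace_udp_flow(packets, timers=UDP_DEFAULTS):
    """Return one record per packet: the timer state it puts the flow in,
    when the flow would then expire, and whether the previous flow entry
    had already timed out when the packet arrived."""
    trace = []
    initiator = None      # host that sent the first packet of the current flow
    replied = False       # has the other host sent anything back yet?
    expires_at = None     # absolute time at which the current entry ages out
    for t, sender in packets:
        # Assumption: the entry is gone once idle time reaches the timeout.
        expired = expires_at is not None and t >= expires_at
        if initiator is None or expired:
            # No live entry: this packet opens a new flow.
            initiator, replied, state = sender, False, "first_packet"
        else:
            if sender != initiator:
                replied = True
            # Both hosts have sent -> Multiple; source only -> Single.
            state = "multiple" if replied else "single"
        expires_at = t + timers[state]
        trace.append({
            "time": t, "sender": sender, "state": state,
            "expired_before": expired, "expires_at": expires_at,
        })
    return trace


if __name__ == "__main__":
    for rec in trace_udp_flow(SAMPLE_PACKETS):
        note = " (previous entry had timed out)" if rec["expired_before"] else ""
        print(f'{rec["time"]:>4}s {rec["sender"]:<6} -> {rec["state"]:<12} '
              f'expires at {rec["expires_at"]}s{note}')
```

With the defaults, a second unanswered packet moves the flow from the 60-second First Packet timer to the 30-second Single timer, so a one-way sender that pauses for 30 seconds or more loses its session entry sooner than a sender that transmitted only once.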