Configure timeout parameters for TCP, UDP and ICMP protocols.

After a session timer has been created it can be changed as needed. The default session timer can also be edited.

Procedure

  1. Navigate to Timeout Settings.
    • In NSX 6.4.1 and later, navigate to Networking & Security > Security > Firewall Settings > Timeout Settings.
    • In NSX 6.4.0, navigate to Networking & Security > Security > Firewall > Settings .
  2. If there is more than one NSX Manager available, select one from the drop-down list.
  3. Select the timer you want to edit. Note that the default timer values can also be edited. Click the pencil icon.
  4. Enter a name (required) and a description (optional) for the session timer.
  5. Select the protocol. Edit any default values that you want to change.
    TCP Variables Description
    First Packet The timeout value for the connection after the first packet has been sent. The default is 120 seconds.
    Closing The timeout value for the connection after the first FIN has been sent. The default is 120 seconds.
    Open The timeout value for the connection after a second packet has been transferred. The default is 30 seconds.
    Fin Wait The timeout value for the connection after both FINs have been exchanged and the connection is closed. The default is 45 seconds.
    Established The timeout value for the connection once the connection has become fully established.
    Closed The timeout value for the connection after one endpoint sends an RST. The default is 20 seconds.
    UDP Variables Description
    First Packet The timeout value for the connection after the first packet is sent. This will be the initial timeout for the new UDP flow. The default is 60 seconds.
    Single The timeout value for the connection if the source host sends more than one packet and the destination host has not sent one back. The default is 30 seconds.
    Multiple The timeout value for the connection if both hosts have sent packets. The default is 60 seconds.
    ICMP Variables Description
    First Packet

    The timeout value for the connection after the first packet is sent. This is the initial timeout for the new ICMP flow. The default is 20 seconds.

    Error reply The timeout value for the connection after an ICMP error is returned in response to an ICMP packet. The default is 10 seconds.
  6. In NSX 6.1 and later, click Next.
  7. Select the object type, vNIC or VM.
    The Available Objects list is automatically populated.
  8. Select one or more objects and click the arrow to move them to the Selected Objects column.
  9. Click OK or Finish.