The session timer profile applies the timeout values to Tier-0 or Tier-1 router interfaces or groups containing segments, segment-ports, tags, or any other non-IP based groups. The timeout values decide how long a protocol session remains active after the session closes.
Session Timer Values
- The Default Timer Profile shown in the API and UI applies only to the distributed firewall (DFW).
- Gateway Firewall (GFW) default session timers are different than the default timer profile seen when using API and UI. GFW default session timers are optimized for North-South traffic, and some of them are lower than minimum configurable values by default.
- Firewall session timers can be changed for both DFW and GFW by using the API and UI.
- The same non-default timer profile can be applied to both DFW and GFW, if needed.
If you do not customize timer values, the gateway takes default values. Gateway firewall default timer values:
| Timer Property | Edge Default (secs) | Minimum (secs) | Maximum (secs) |
|---|---|---|---|
| ICMP Error Reply | 6 | 10 | 4320000 |
| ICMP First Packet | 6 | 10 | 4320000 |
| TCP Closed | 2 | 10 | 4320000 |
| TCP Closing | 900 | 10 | 4320000 |
| TCP Established | 7200 | 120 | 4320000 |
| TCP Fin-wait | 4 | 10 | 4320000 |
| TCP First Packet | 120 | 10 | 4320000 |
| TCP Opening | 30 | 10 | 4320000 |
| UDP First Packet | 30 | 10 | 4320000 |
| UDP Multiple | 30 | 10 | 4320000 |
| UDP Single | 30 | 10 | 4320000 |
Distributed firewall default session timer values:
| Timer Property | DFW Default (secs) | Minimum (secs) | Maximum (secs) |
|---|---|---|---|
| ICMP Error Reply | 10 | 10 | 4320000 |
| ICMP First Packet | 20 | 10 | 4320000 |
| TCP Closed | 20 | 10 | 4320000 |
| TCP Closing | 120 | 10 | 4320000 |
| TCP Established | 43200 | 120 | 4320000 |
| TCP Fin-wait | 45 | 10 | 4320000 |
| TCP First Packet | 120 | 10 | 4320000 |
| TCP Opening | 30 | 10 | 4320000 |
| UDP First Packet | 60 | 10 | 4320000 |
| UDP Multiple | 60 | 10 | 4320000 |
| UDP Single | 30 | 10 | 4320000 |
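The following added example (not part of the product documentation) checks a proposed custom timer profile against the configurable ranges in the two tables above, lists the gateway defaults that fall below the configurable minimum, and shows what one shared profile would change on each firewall. The dictionary keys and function names are illustrative assumptions, not confirmed API field names, and the `shared` profile is a constructed sample.

```python
# Added example. Keys are illustrative names for the page's timer properties,
# not confirmed API field names. All values (seconds) come from the two tables.
MAX_SECS = 4320000
# property: (GFW/Edge default, DFW default, configurable minimum)
TIMERS = {
    "icmp_error_reply":  (6, 10, 10),
    "icmp_first_packet": (6, 20, 10),
    "tcp_closed":        (2, 20, 10),
    "tcp_closing":       (900, 120, 10),
    "tcp_established":   (7200, 43200, 120),
    "tcp_finwait":       (4, 45, 10),
    "tcp_first_packet":  (120, 120, 10),
    "tcp_opening":       (30, 30, 10),
    "udp_first_packet":  (30, 60, 10),
    "udp_multiple":      (30, 60, 10),
    "udp_single":        (30, 30, 10),
}

def validate(profile):
    """Return error strings for unknown properties or out-of-range values."""
    errors = []
    for name, value in profile.items():
        if name not in TIMERS:
            errors.append(f"{name}: unknown timer property")
            continue
        minimum = TIMERS[name][2]
        is_int = isinstance(value, int) and not isinstance(value, bool)
        if not is_int or not minimum <= value <= MAX_SECS:
            errors.append(f"{name}: {value!r} outside {minimum}..{MAX_SECS}")
    return errors

def unrestorable_gfw_defaults():
    """GFW defaults below the configurable minimum; a custom value cannot match them."""
    return {n: gfw for n, (gfw, _, minimum) in TIMERS.items() if gfw < minimum}

def impact(profile, target):
    """Map timer -> (default, custom) for values that differ from the target's default.
    Only timers present in the profile are compared; target is "gfw" or "dfw"."""
    idx = {"gfw": 0, "dfw": 1}[target]
    return {n: (TIMERS[n][idx], v) for n, v in profile.items()
            if n in TIMERS and v != TIMERS[n][idx]}

if __name__ == "__main__":
    shared = {"tcp_established": 3600, "tcp_closed": 10, "udp_multiple": 60}  # constructed
    print("errors:", validate(shared))
    print("GFW defaults below minimum:", unrestorable_gfw_defaults())
    for target in ("gfw", "dfw"):
        print(target, impact(shared, target))
```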