SD-WAN Orchestrator allows you to set session timeout for established and non-established TCP flows, UDP flows, and other flows at the Profile level. Optionally, you can also override the Stateful firewall settings at the Edge level.
To configure Stateful Firewall settings at the profile level, perform the following steps.
Procedure
- Under Stateful Firewall Settings area, configure the following settings:
By default, the timeout sessions are applied for IPv4 addresses.Note: If you want to configure Stateful firewall timeout sessions for IPv6 addresses, you must use the New Orchestrator UI. For more information, see Configure Firewall with New Orchestrator UI.Field Description Established TCP Flow Timeout (seconds) Sets the inactivity timeout period (in seconds) for established TCP flows, after which they are no longer valid. The allowable value ranges from 60 seconds through 15999999 seconds. The default value is 7440 seconds. Non Established TCP Flow Timeout (seconds) Sets the inactivity timeout period (in seconds) for non-established TCP flows, after which they are no longer valid. The allowable value ranges from 60 seconds through 604800 seconds. The default value is 240 seconds. UDP Flow Timeout (seconds) Sets the inactivity timeout period (in seconds) for UDP flows, after which they are no longer valid. The allowable value ranges from 60 seconds through 15999999 seconds. The default value is 300 seconds. Other Flow Timeout (seconds) Sets the inactivity timeout period (in seconds) for other flows such as ICMP, after which they are no longer valid. The allowable value ranges from 60 seconds through 15999999 seconds. The default value is 60 seconds. Note:The configured timeout values apply only when the memory usage is below the soft limit. Soft limit corresponds to anything below 60 percent of the concurrent flows supported by the platform in terms of memory usage.
