05-13-2009 07:51 AM
Can anyone confirm what the default TCP timeout value is for TCP ports created on Juniper firewalls.
We are using SG550M's if it makes a difference. From what I can gather it is 30 mins (but may be wrong)
05-13-2009 09:58 AM
Yes, default it 30mins (TCP-ANY) service:
ssg5-isdn-wlan-> get ser | i HTTP
HTTP 6 80 info seeking 5 Pre-defined
HTTP-EXT 6 7001 info seeking 5 Pre-defined
HTTPS 6 443 security 30 Pre-defined
ssg5-isdn-wlan-> get ser | i TCP-ANY
TCP-ANY 6 0/65535 other 30 Pre-defined
notice, for HTTP, its 5 mins. In general, for TCP ports its 30mins. But this may or may not apply depending on whether there is already a predefined service which the firewall will match instead of the default timeouts.
Check out this KB which explains the session timeouts really well:
05-13-2009 01:12 PM