Protocol states in a session and possible timeout

The table below lists the possible protocol states of a Kaspersky NGFW session and, for each state, the timeout after which the session is ended. These states are displayed in the Session protocol state column in the Session manager section.

You can change the timeout separately for each protocol state in a session on a device or in a network template.

To configure the session timeout:

  1. In the main menu of the Open Single Management Platform Console, go to the Application & Services → NGFW section.
  2. Configure the session timeout in one of the following ways:
    • If you want to configure the session timeout in a device template, in the menu, select the Network templates tab, click the device template, and select the System → Session timeouts section.
    • If you want to configure the session timeout on a Kaspersky NGFW device, select the Devices tab in the menu, click a Kaspersky NGFW device, and select the System → Session timeouts section.

    This opens the page with timeout settings for each protocol state.

  3. Set a timeout for each state of the TCP, UDP, ICMP, and other protocols. Possible timeout values and default settings are listed in the table below.

    When you change the timeout, the new timeout is also applied to active sessions.

  4. If necessary, you can restore the default values by clicking the corresponding button.
  5. To apply the settings to the device or network template, click Save and close.

The new timeout settings are applied to the device or template.

Timeout of protocol states in a session

| Protocol | Protocol state in a session | Possible timeout in seconds | Default timeout in seconds | Affected by the passage of packets |
|----------|-----------------------------|-----------------------------|----------------------------|------------------------------------|
| TCP      | Handshake                   | 1 to 60                     | 5                          | Not affected. When the timeout expires, the session ends regardless of the passage of packets. |
|          | Established                 | 1 to 15,999,999             | 3600                       | Passage of packets refreshes the state. |
|          | Closing                     | 1 to 604,800                | 120                        | Not affected. When the timeout expires, the session ends regardless of the passage of packets. |
|          | Time wait                   | 1 to 600                    | 5                          | Not affected. When the timeout expires, the session ends regardless of the passage of packets. |
|          | Reset                       | 1 to 600                    | 0                          | While processing a single packet, the session enters the reset state and ends. |
| UDP      | One way                     | 1 to 1,599,999              | 30                         | Passage of packets resets the timeout. |
|          | Two way                     | 1 to 1,599,999              | 30                         | Passage of packets resets the timeout. |
| ICMP     | One way                     | 1 to 15,999,999             | 6                          | Passage of packets resets the timeout. |
|          | Two way                     | 1 to 15,999,999             | 6                          | Passage of packets resets the timeout. |
| Other    | One way                     | 1 to 1,599,999              | 30                         | Passage of packets resets the timeout. |
|          | Two way                     | 1 to 1,599,999              | 30                         | Passage of packets resets the timeout. |
|          | discarded                   | 0 to 15,999,999             | 60                         | Not affected. When the timeout expires, the session ends regardless of the passage of packets. |
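
The following Python example was added to this page and is not Kaspersky code. It models how the TCP, UDP, and ICMP timeouts in the table behave: a state that is refreshed by packets restarts its timer on each packet, while the other states end at a fixed time. The function name, the dictionary, and the rule that a packet arriving exactly at the deadline is too late are assumptions made for illustration; the Reset, Other, and discarded rows are left out.

```python
# Added example (not Kaspersky code): when does a session in a given state end?
# (protocol, state) -> (min, max, default timeout in seconds, refreshed by packets)
# Values copied from the table; Reset, Other and discarded are left out.
TIMEOUTS = {
    ("tcp", "handshake"): (1, 60, 5, False),
    ("tcp", "established"): (1, 15_999_999, 3600, True),
    ("tcp", "closing"): (1, 604_800, 120, False),
    ("tcp", "time wait"): (1, 600, 5, False),
    ("udp", "one way"): (1, 1_599_999, 30, True),
    ("udp", "two way"): (1, 1_599_999, 30, True),
    ("icmp", "one way"): (1, 15_999_999, 6, True),
    ("icmp", "two way"): (1, 15_999_999, 6, True),
}


def session_end(protocol, state, entered_at, packet_times, timeout=None):
    """Return the time (seconds) at which the session ends in this state.

    entered_at   -- time the session entered the state
    packet_times -- arrival times of packets seen while in the state
    timeout      -- configured value; None means the table default
    """
    low, high, default, refreshed = TIMEOUTS[(protocol, state)]
    if timeout is None:
        timeout = default
    if not low <= timeout <= high:
        raise ValueError(f"{protocol}/{state}: {timeout} s is outside {low}-{high}")
    deadline = entered_at + timeout
    if not refreshed:
        # Handshake, Closing, Time wait: packets do not extend the session.
        return deadline
    for t in sorted(packet_times):
        if t < entered_at:
            continue
        if t >= deadline:
            # Assumption: a packet at or after the deadline finds no session.
            break
        deadline = t + timeout  # packet restarts the timer
    return deadline


if __name__ == "__main__":
    # Constructed traffic: retransmitted SYNs never extend a half-open session.
    print(session_end("tcp", "handshake", 0, [1, 2, 3, 4]))  # 5
    # Constructed traffic: 25-second keepalives hold a UDP session open.
    print(session_end("udp", "two way", 0, [25, 50, 90]))    # 80
```
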
