16-18
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 16 Connection Settings
History for Connection Settings
• show threat-detection statistics top tcp-intercept [all | detail]
View the top 10 protected servers under attack. The all keyword shows the history data of all the
traced servers. The detail keyword shows history sampling data. The ASA samples the number of
attacks 30 times during the rate interval, so for the default 30 minute period, statistics are collected
every 60 seconds.
History for Connection Settings
Feature Name
Platform
Releases Description
TCP state bypass 8.2(1) This feature was introduced. The following command was
introduced: set connection advanced-options
tcp-state-bypass.
Connection timeout for all protocols 8.2(2) The idle timeout was changed to apply to all protocols, not
just TCP.
The following command was modified: set connection
timeout
Timeout for connections using a backup static
route
8.2(5)/8.4(2) When multiple static routes exist to a network with different
metrics, the ASA uses the one with the best metric at the
time of connection creation. If a better route becomes
available, then this timeout lets connections be closed so a
connection can be reestablished to use the better route. The
default is 0 (the connection never times out). To take
advantage of this feature, change the timeout to a new value.
We modified the following command: timeout
floating-conn.
Configurable timeout for PAT xlate 8.4(3) When a PAT xlate times out (by default after 30 seconds),
and the ASA reuses the port for a new translation, some
upstream routers might reject the new connection because
the previous connection might still be open on the upstream
device. The PAT xlate timeout is now configurable, to a
value between 30 seconds and 5 minutes.
We introduced the following command: timeout pat-xlate.
This feature is not available in 8.5(1) or 8.6(1).
To Next Page
Loading...
Need help?
General