Hi Rob,
Generally the default timeout values should be fine. These are *idle*
timeout values, so if the connection is completed normally, the connection
slot on the PIX is deleted and cannot be re-used in a continuation or
spoofing attempt.
Hope that helps,
Lisa Napier
Product Security Incident Response Team
Cisco Systems
http://www.cisco.com/warp/public/707/sec_incident_response.shtml
At 12:44 PM 08/02/2000 -0400, Rob Serfozo wrote:
>I have a Pix 515 and was wondering if anyone using a pix had suggestions on
>the timeout settings. Do you just leave the Xlate, conn, and other to their
>default? Or would it be a better security policy to lower these timeouts?
>
>Thanks,
>Rob Serfozo
>
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]