Huawei USG
<USG>display firewall session aging-time
2026-01-18 11:43:25.668 +08:00
Sequence Pre-defined Default-Time(s) Timeout(s)
--------------------------------------------------------------------------
1 tcp 1200 (s) 3600 (s)
2 udp 120 (s) 120 (s)
3 icmp 20 (s) 20 (s)
4 syn 5 (s) 5 (s)
5 fin-rst 10 (s) 10 (s)
6 first-fin 900 (s) 900 (s)
7 ah 600 (s) 600 (s)
8 gre 600 (s) 600 (s)
9 esp 600 (s) 600 (s)
10 sctp 600 (s) 600 (s)
11 sctp-init 5 (s) 5 (s)
12 sctp-close 10 (s) 10 (s)
13 multihome 30 (s) 30 (s)
14 fragment 5 (s) 5 (s)
15 http 1200 (s) 1200 (s)
16 dns 30 (s) 30 (s)
17 ftp 1200 (s) 1200 (s)
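Why does tcp above have two values, 1200 seconds and 3600 seconds?
Default-Time: 1200 seconds (20 minutes)
This is the aging time of a TCP session in the normal communication state.
Once the TCP connection is established and nothing abnormal occurs, the session table entry is cleared after this time.
-
Timeout: 3600 seconds (60 minutes)
This is the aging time of a TCP session in an abnormal state.
It mainly applies to special states such as half-open TCP connections and abnormal termination.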
Cisco ASA
Cisco-ASA# show run timeout
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10