Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
Chapter 10 Application Security
Applications/Protocols
TCP Maximum Incomplete Sessions per Host:
The router starts deleting half-open sessions for the same host when the total
number for that host exceeds this number. The default number of sessions is 50.
If you check the Blocking Time field and enter a value, the router will continue
to block new connections to that host for the number of minutes that you specify.
Enable audit globally
Check if you want to turn on CBAC audit trail messages for all types of traffic.
Enable alert globally
Check if you want to turn on CBAC alert messages for all types of traffic.
Maximum incomplete session thresholds. These fields let you specify the
threshold values for the total number of existing half-open sessions.

Low:
Stop deleting new connections after the number of new connections drops
below this value. The default value is 400 sessions for Cisco IOS releases
older than 12.4(11)T. When a Low value is not explicitly set, Cisco IOS will
stop deleting new sessions when the number of sessions drops to 400.
For Cisco IOS release 12.4(11)T and later, the default value is unlimited.
When a Low value is not explicitly set, Cisco IOS will not stop deleting new
connections.

High:
Start deleting new connections when the number of new connections exceeds
this value. The default value is 500 sessions for Cisco IOS releases older
than 12.4(11)T. When a High value is not explicitly set, Cisco IOS starts
deleting sessions when more than 500 new sessions have been established.
For Cisco IOS release 12.4(11)T and later, the default value is unlimited.
When a High value is not explicitly set, Cisco IOS will not start deleting
new connections.
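
Added example (not part of the Cisco guide): a Python check that reads a router configuration and reports the effective half-open session thresholds described above, using the defaults this page gives for each IOS release. The "ip inspect ..." lines it parses are the IOS CLI counterparts of these SDM fields and are not taken from this page; audit_cbac, the release labels and the sample configuration are constructed for illustration.

```python
import re

# Defaults as stated on this page; None means "unlimited".
DEFAULTS = {"pre-12.4(11)T": {"high": 500, "low": 400},
            "12.4(11)T+": {"high": None, "low": None}}

# Constructed sample running-config fragment (not from a real device).
SAMPLE_CONFIG = """\
ip inspect audit-trail
ip inspect max-incomplete high 600
ip inspect tcp max-incomplete host 50 block-time 2
"""

_THRESH = re.compile(r"^ip inspect max-incomplete (high|low) (\d+)$")
_HOST = re.compile(r"^ip inspect tcp max-incomplete host (\d+)(?: block-time (\d+))?$")


def audit_cbac(config_text, release):
    """Return (effective settings, findings) for the CBAC global settings."""
    # host=50 is the page's default. Assumption (not from the page): audit
    # trail is off and alerts are on unless the configuration says otherwise.
    eff = dict(DEFAULTS[release], host=50, block_time=None,
               audit=False, alert=True)
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := _THRESH.match(line):
            eff[m.group(1)] = int(m.group(2))
        elif m := _HOST.match(line):
            eff["host"] = int(m.group(1))
            eff["block_time"] = int(m.group(2)) if m.group(2) else None
        elif line == "ip inspect audit-trail":
            eff["audit"] = True
        elif line == "ip inspect alert-off":
            eff["alert"] = False
    findings = []
    if eff["high"] is None:
        findings.append("high not set: router never starts deleting half-open sessions")
    elif eff["low"] is None:
        findings.append("high set but low not set: router will not stop deleting new connections")
    elif eff["low"] > eff["high"]:
        findings.append("low threshold is above high threshold")
    if not eff["audit"]:
        findings.append("audit trail messages are off")
    if not eff["alert"]:
        findings.append("alert messages are off")
    return eff, findings
```

Running the same configuration against both release labels shows why a configuration that was adequate before 12.4(11)T needs explicit Low and High values afterwards.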