15-27
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter15 Managing Firewall AAA Rules
AAA Firewall Settings Policies
Firewall AAA IOS Timeout Value Setting
Use the Firewall AAA IOS Timeout Value Setting dialog box to configure idle and absolute timeout
values for specific interfaces. These values override the global timeout values configured on the Firewall
> Settings > ScanSafe Web Security policy Server Timeout tab.
Navigation Path
From the Advanced tab of the AAA Page, page 15-25, click the Add Row button beneath the table of
interfaces, or select a row and click the Edit Row button.
Use HTTP banner from File
URL
Whether you want to use your own web page to authenticate HTTP
connections. Enter the URL for your HTTP banner.
If you configure both HTTP banner text and a URL, the URL banner
take precedence; however, the banner text is also configured on the
device.
Advanced Tab
Global Inactivity Time The length of time, in minutes, that the authentication proxy for a user
is maintained when there is no user activity in the session. If this timer
expires, the user session is cleared along with its dynamic user access
control list (ACL), and the user must re-authenticate. The range is 1 to
2,147,483,647. The default is 60 minutes.
Ensure that this timeout value is greater than or equal to the idle timeout
values configured in the Firewall > Settings > Inspection policy;
otherwise, timed-out user sessions might continue to be monitored and
eventually hang.
Global Absolute Time The length of time, in minutes, that an authentication proxy user
session can remain active. After this timer expires, the user session
must go through the entire process of establishing its connection as if it
were a new request. The range is 0 to 35,791. The default is 0, which
means that there is no global absolute timeout; user sessions are
maintained as long as they are active.
Interface Timeout Table This table contains the interfaces for which you want to configure
timeout values that differ from the global timeout values. If you want
to use the global values for all interfaces, you do not need to configure
anything in this table.
To add an interface with customized timeout values, click the Add
Row button and fill in the Firewall AAA IOS Timeout Value
Setting, page 15-27.
To edit a setting, select it and click the Edit Row button.
To delete a setting, select it and click the Delete Row button.
Table15-8 AAA Firewall Settings Policy (Continued)
Element Description