What are the default timeouts for TCP, UDP and other protocols on the Check Point state table?
I don't remember these defaults ever changing going back to at least R55. I'd love to be corrected, but these should be the defaults:
TCP start timeout: 25
TCP session timeout: 3600
TCP end timeout: 20
UDP Virtual session timeout: 40
ICMP virtual session timeout: 30
Other IP Protocols virtual session timeout: 60
These are newish to me
SCTP start timeout: 30
SCTP session timeout: 3600
SCTP end timeout: 20
Policy Menu...Global Properties...Stateful Inspection screen in the SmartConsole/SmartDashboard. Values may vary depending on your code version.
--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com
Hi Tim
I have seen different timers, as below. When I checked with TAC, they insisted on changing this to the default of 3600s for the TCP session timeout. Is this something that I should do, or should I keep that value? This is a 26000 chassis running R81.10.
TCP start timeout: 25
TCP session timeout: 7800
TCP end timeout: 20
UDP Virtual session timeout: 40
ICMP virtual session timeout: 30
Other IP Protocols virtual session timeout: 60
SCTP start timeout: 30
SCTP session timeout: 3600
SCTP end timeout: 20
7800 instead of 3600 is fine unless your connection table is running out of memory. That value must have been changed by someone for a reason, and changing it back might break some things such as long-running database connections that are left up for extended periods with little activity. Possible it was determined at some point that whatever the application is it has some kind of keepalive every 120 minutes/2 hours, so the TCP idle timer was set to 2 hours 10 minutes (7800 sec) as a result.
Hi,
We are facing a connection reset very rarely in a day, at a random time.
A K8s application's Apache HTTP client connects to another K8s application via an NVA Check Point. Client and server have a keepalive of 1min.
I have seen that the default TCP session timeout is 3600s but keepalive is 7200s. Will this cause an issue? Can we increase the TCP session timeout to around 7500s, so that the idle connection will be in the table? The HTTP client tries to reuse the same TCP connection. Can you please help me with this?
Please start a new thread on this issue with the exact symptoms, versions in use, etc.
The question I always have to ask is: why are you looking to change the timeout in the first place?
In other words, is there a problem you’re trying to solve that you expect that adjusting that timeout might solve?
I presume this is the case if TAC is suggesting to change it, who should also be able to clarify why this change is being recommended.
Thanks Timothy/Phoneboy for your input.
It was actually a PS engagement from Check Point which did a health check on the gateways and identified this non-standard value and asked to change it if not specifically changed for a reason. We could not find any change record as well to justify why it was changed from the default.
I guess the more prudent thing to do is leave it as is if that is not causing any issues.
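The keepalive-versus-idle-timeout reasoning discussed in this thread, as an added example that is not part of any post: it compares an endpoint's TCP keepalive idle time with the gateway's TCP session timeout and sets per-socket keepalive so a probe is sent before the state-table entry ages out. The function names, the 30-second probe interval and the 3-probe count are assumptions, as is the 7200-second figure being the Linux `net.ipv4.tcp_keepalive_time` default; the gateway values are the ones quoted above.

```python
import socket

# Gateway TCP session timeouts quoted in the thread (seconds).
FW_DEFAULT = 3600
FW_TUNED = 7800
# Linux default for net.ipv4.tcp_keepalive_time (seconds).
OS_KEEPIDLE_DEFAULT = 7200


def survives_idle(fw_session_timeout, keepidle):
    """True if the first keepalive probe leaves the host before the gateway
    would age an otherwise idle connection out of its state table.
    Assumption: a keepalive probe refreshes the gateway's idle timer."""
    return keepidle < fw_session_timeout


def pick_keepidle(fw_session_timeout, interval=30, probes=3):
    """Idle time that leaves room for the whole probe schedule: the last
    probe is sent `interval` seconds before the gateway timeout expires."""
    keepidle = fw_session_timeout - interval * probes
    if keepidle <= 0:
        raise ValueError("gateway timeout too short for this probe schedule")
    return keepidle


def enable_keepalive(sock, keepidle, interval=30, probes=3):
    """Turn on keepalive for one socket; returns True if it is enabled."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    # Per-socket overrides exist on Linux; elsewhere the OS defaults apply.
    if hasattr(socket, "TCP_KEEPIDLE"):
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE, keepidle)
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, interval)
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT, probes)
    return sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE) != 0


def demo():
    """Plan against the default gateway timeout and apply it to a socket."""
    keepidle = pick_keepidle(FW_DEFAULT)
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        enabled = enable_keepalive(s, keepidle)
    return keepidle, enabled


if __name__ == "__main__":
    print("OS default vs 3600:", survives_idle(FW_DEFAULT, OS_KEEPIDLE_DEFAULT))
    print("OS default vs 7800:", survives_idle(FW_TUNED, OS_KEEPIDLE_DEFAULT))
    print("planned keepidle, enabled:", demo())
```

Keepalive only helps when the application or its connection pool actually enables `SO_KEEPALIVE`; an HTTP-level keep-alive setting is a separate mechanism from TCP keepalive probes.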