Intel Security SNS ProTip for Host IPS: Host IPS 8.0 Firewall TCP Connection Timeout

Version 1

    You can adjust the TCP connection timeout, if required, in the Host IPS 8.0 Firewall Options policy. This value is the time (in seconds) that Host IPS state table entries remain for idle TCP connections. Inactive connections exceeding this value are removed from the Host IPS firewall state table. The timeout applies only to idle connections. In some cases, client-server applications may not respond in a timely manner when communicating over network interfaces. This can result in excessive TCP connection resets, or in connections remaining open on the corresponding application servers or related network devices. The default value for TCP connection timeout is 30 seconds.


    NOTE: Setting an excessive TCP timeout on servers with a large number of connections may lead to increased performance problems. Firewall and resource activity should be monitored closely when adjusting TCP connection timeout values.
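The trade-off described above, as an added example: a simplified Python model of an idle-timeout state table, not Host IPS code. It assumes that a packet arriving after its entry was removed no longer matches any state, and that the constructed short-lived connections go idle without closing; all names and sample data are hypothetical.

```python
# Constructed sample traffic: (time in seconds, connection id) per packet.
# "slow" is an application connection with idle gaps of 45 s and 95 s.
SAMPLE_PACKETS = [(0, "slow"), (45, "slow"), (140, "slow")]
# Fifteen short connections, one every 10 s, two packets each, then idle.
for i in range(15):
    SAMPLE_PACKETS += [(i * 10, f"short-{i}"), (i * 10 + 1, f"short-{i}")]


def simulate(packets, timeout):
    """Replay packets against an idle-timeout state table.

    Returns (stale_hits, peak_entries):
      stale_hits   - packets for a connection whose entry was already
                     removed as idle (assumed to no longer match state)
      peak_entries - largest number of entries held at the same time
    """
    last_seen = {}   # connection id -> time of its most recent packet
    known = set()    # every connection id seen so far
    stale_hits = 0
    peak = 0
    for now, conn in sorted(packets):
        # Remove entries that have been idle for longer than the timeout.
        for idle in [c for c, t in last_seen.items() if now - t > timeout]:
            del last_seen[idle]
        if conn in known and conn not in last_seen:
            stale_hits += 1
        known.add(conn)
        last_seen[conn] = now
        peak = max(peak, len(last_seen))
    return stale_hits, peak


if __name__ == "__main__":
    for timeout in (30, 60, 120):
        stale, peak = simulate(SAMPLE_PACKETS, timeout)
        print(f"timeout={timeout:>3}s stale_hits={stale} peak_entries={peak}")
```

Raising the timeout removes the stale hits for the slow application but lets idle entries accumulate, which is the resource cost the NOTE warns about.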


    For more information, please refer to KB84567 (


    For more resources, visit the ServicePortal and search for related content. Also, visit the McAfee Host IPS Community (

