ssl timeout
Function
The ssl timeout command sets a timeout time for an SSL session.
The undo ssl timeout command restores the timeout time of an SSL session to the default setting.
Parameters
| Parameter | Description | Value |
|---|---|---|
| time | Specifies the time span. | The value is an integer that ranges from 1 to 1440, expressed in minutes. |
Usage Guidelines
By default, the timeout time of an SSL session is 5 minutes.
The timeout time specifies the time to disconnect the SSL connection when there is no traffic to pass. Any operation can generate a traffic flow. Thus the session timeout time is initialized to zero and the timer restarts timing. When the SSL session reaches the timeout time, the client and the server need to re-authenticate each other and the user needs re-log in.
If the SSL session timeout time is shorter than the aging time of the HTTPS session entry, the SSL VPN user is forced to log out after the SSL session timeout time expires. The SSL connection between the client and the FW is closed, and the corresponding HTTPS session entry on the FW will be aged out. In this case, the user needs to re-log in from the client to continue to use network extension.
If the SSL session timeout time is longer than the aging time of the HTTPS session entry, when the aging time of the HTTPS session entry expires but the SSL session timeout time does not expire, the HTTPS session from the client to the FW will be aged out, but the SSL VPN user will not be logged out from the FW. In this case, the SSL VPN user does not need to re-log in. The client of the user needs to reestablish a connection with the FW (for example, refresh the SSL VPN login page) to continue to use network extension.