Timeout Intervals for Zero Trust Access Sessions
Cisco Secure Access Zero Trust Access (ZTA) provides secure, remote connectivity for end users to configured private resources and internet destinations. This guide is a reference that describes the Secure Access ZTA session timeout intervals for end users.
Table of Contents
- About Zero Trust Access Sessions
- ZTA Connections to Private Resources
- ZTA Connections to Private Resources with IPS or File Malware Scanning
- ZTA Connections to Internet Destinations
About Zero Trust Access Sessions
While a client using Secure Access ZTA exchanges network traffic on private resources or internet destinations, the client's ZTA session is active. Secure Access proxies the network traffic on the ZTA session to the private resources or internet destinations. When an end user's ZTA connection is not in use for a specific time period, the client's ZTA session expires.
Secure Access manages the timeout intervals of the ZTA sessions for the Cisco Secure Client. If the Secure Client requests a private resource or internet destination after a user's ZTA session has expired, Secure Access reconnects the session automatically and transparently for the end user.
Secure Access determines when the ZTA session timeout occurs based on the session's network traffic, IPS and file malware scanning settings enabled in the Access policy, and the protocol and ports used to connect to the private resources or internet destinations.
Note: For browser-based Secure Access ZTA, browsers manage the ZTA sessions and timeout intervals transparently.
ZTA Connections to Private Resources
An end user's ZTA session with the Cisco Secure Client times out periodically. Secure Access determines the ZTA timeout interval from the protocol and ports that the Secure Client uses to connect to the private resources.
Secure Access supports these session timeout intervals for connections to private resources.
Protocol and Ports | ZTA Timeout Interval |
---|---|
UDP | 300 seconds |
TCP ports 80/443 | 1200 seconds |
All TCP ports except 80/443 | 3600 seconds |
ZTA Connections to Private Resources with IPS or File Malware Scanning
An end user's ZTA session with the Cisco Secure Client times out periodically. Secure Access determines the ZTA timeout interval from the protocol and ports that the Secure Client uses to connect to the private resources. Whether the organization configures IPS or file malware scanning on the private resources also contributes to the idle session timeout interval for connections to private resources.
Secure Access supports these session timeout intervals for connections to private resources with IPS or file malware scanning.
Protocol and Ports | ZTA Timeout Interval |
---|---|
UDP | 30 seconds |
TCP ports 80/443 | 1200 seconds |
All TCP ports except 80/443 | 3600 seconds |
ZTA Connections to Internet Destinations
An end user's ZTA session with the Cisco Secure Client times out periodically. Secure Access determines the ZTA timeout interval from the protocol and ports that the Secure Client uses to connect to internet destinations.
Secure Access supports these session timeout intervals for connections to internet destinations.
Protocol and Ports | ZTA Timeout Interval |
---|---|
UDP | 30 seconds |
TCP ports 80/443 | 1200 seconds |
All TCP ports except 80/443 | 3600 seconds |
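The three tables above can be combined into one lookup and applied to packet timestamps to estimate how often an idle flow would expire and reconnect. This is an added example, not Cisco code: the flow names, ports 5060 and 22, and all timestamps are constructed. It assumes each flow's idle gap is measured on its own and that a session expires when the gap is longer than the interval.

```python
# Added example. Interval values come from the tables on this page.
# Assumption: a session expires once a flow has been idle longer than the interval.

def zta_timeout(dest, proto, port=None, scanning=False):
    """Idle timeout in seconds; dest is 'private' or 'internet'."""
    if dest not in ("private", "internet"):
        raise ValueError(f"unknown destination kind: {dest!r}")
    proto = proto.lower()
    if proto == "udp":
        # Only private resources without IPS or file malware scanning get 300 s.
        return 300 if dest == "private" and not scanning else 30
    if proto == "tcp":
        return 1200 if port in (80, 443) else 3600
    raise ValueError(f"unsupported protocol: {proto!r}")

def expired_gaps(timestamps, timeout):
    """Return (idle_start, idle_seconds) for each gap that outlasts the timeout."""
    ts = sorted(timestamps)
    return [(a, b - a) for a, b in zip(ts, ts[1:]) if b - a > timeout]

# Constructed sample flows: name -> (dest, proto, port, scanning, packet times in s)
FLOWS = {
    "udp-keepalive": ("private", "udp", 5060, False, [0, 60, 120, 400]),
    "udp-keepalive-ips": ("private", "udp", 5060, True, [0, 60, 120, 400]),
    "https-app": ("private", "tcp", 443, False, [0, 900, 2200]),
    "ssh-admin": ("private", "tcp", 22, False, [0, 1800, 5500]),
    "udp-internet": ("internet", "udp", 443, False, [0, 20, 45, 100]),
}

def reconnect_report(flows=FLOWS):
    """Map each flow name to (timeout, number of idle gaps that expire the session)."""
    report = {}
    for name, (dest, proto, port, scanning, times) in flows.items():
        timeout = zta_timeout(dest, proto, port, scanning)
        report[name] = (timeout, len(expired_gaps(times, timeout)))
    return report

if __name__ == "__main__":
    for name, (timeout, count) in reconnect_report().items():
        print(f"{name:18} timeout={timeout:>4}s expirations={count}")
```

The same 60-second UDP keepalive pattern never expires against a private resource without scanning, but expires on every gap once IPS or file malware scanning is enabled.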