This FWSM is in single mode, we when I speak of context below I mean only CLI contexts.
Does anyone know of a way to change conn timeouts within a specific "object-group service" module and restrict their scope to that custom object-group? I'm able to change the timeouts without a complaint from the FWSM, but even in the "object-group service" context the changes are applied globally and I'm dropped out of "(config-service)" context and back to (config). This leads me to believe that these timeouts can only be set globally. This is not at all what I want, but rather to change the con timeout for a object-group service, then use that service with a set of restricted hosts within an ACL to manipulate connection timers for these specified hosts.
I have, on Netscreen's and Checkpoints, been able to specify even the specific protocol timeout by creating a "custom service", and defining TCP characteristics such as timeouts. These modified timeouts applied only to the defined "custom service". I can't imagine this is impossible to do this on an FWSM... but I don't see that it can be done in the case of the transport protocols themselves, only for the connection states and then only if I can accept that the results will apply globally.
dj