To the best of my knowledge the timeout is a global setting.
However, you can set it per port/protocol to limit it to telnet.
I wouldn't worry about it being a security risk for TCP.
TCP is connection-oriented. Normally, the end host(s) will gracefully tear down the connection with a FIN packet when they close the session. The purpose of the timeout in a firewall or NAT scenario is to tear down a connection should the end hosts fail to do so. For example, the telnet session is started from a laptop and the battery dies, a user wanders outside of Wi-Fi range, etc. Note that any traffic on the session will reset the timer.
It won't affect performance unless all of the following are true:
- You have a lot of users opening telnet connections.
- Most of them abandon the connection without closing the session or leave it open for hours with no activity.
- The number of open policy sessions at any time is near the limit of the box.
There really isn't any performance cost to leaving an idle session open other than a small amount of RAM to maintain the state. You should be fine with a 12-hour timeout.
As far as security risks, telnet itself is unencrypted....
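The session-table behaviour described in the answer above (a global idle timeout, a per-port override for telnet, any traffic resetting the timer, and a FIN tearing the entry down immediately) as a small Python model. This is an added illustration, not code from the firewall or from anyone in the thread; the timeout values, the 5-tuple session keys and the simplified FIN handling (no half-closed or TIME_WAIT state) are constructed for the example.

```python
from dataclasses import dataclass

# Constructed values: a 1-hour global default and a 12-hour override for telnet (tcp/23),
# mirroring the "global setting with a per port/protocol override" discussed above.
DEFAULT_IDLE_TIMEOUT = 3600
PER_PORT_IDLE_TIMEOUT = {23: 12 * 3600}


@dataclass
class Session:
    key: tuple        # (proto, src, sport, dst, dport)
    last_seen: float  # time of the last packet seen in either direction


class SessionTable:
    """Stateful session table with idle-timeout based garbage collection."""

    def __init__(self, default_timeout=DEFAULT_IDLE_TIMEOUT, per_port=None):
        self.default_timeout = default_timeout
        self.per_port = dict(per_port or {})
        self.sessions = {}

    def timeout_for(self, key):
        # Per-destination-port override wins; otherwise fall back to the global value.
        dport = key[4]
        return self.per_port.get(dport, self.default_timeout)

    def packet(self, key, now, fin=False):
        # A FIN from either host tears the entry down right away (simplified: real
        # firewalls keep a short half-closed state). Any other packet creates the
        # session or refreshes its timer, which is why an active session never expires.
        if fin:
            self.sessions.pop(key, None)
            return
        session = self.sessions.get(key)
        if session is None:
            self.sessions[key] = Session(key, now)
        else:
            session.last_seen = now

    def sweep(self, now):
        # Remove sessions idle for longer than their timeout; return the keys removed.
        expired = [k for k, s in self.sessions.items()
                   if now - s.last_seen > self.timeout_for(k)]
        for k in expired:
            del self.sessions[k]
        return expired

    def active(self):
        return len(self.sessions)


# Constructed session keys for the walk-through.
TELNET_A = ("tcp", "10.0.0.5", 40001, "10.0.0.1", 23)
HTTP_B = ("tcp", "10.0.0.6", 40002, "10.0.0.2", 80)
TELNET_C = ("tcp", "10.0.0.7", 40003, "10.0.0.1", 23)


def simulate():
    """Walk through the scenarios from the answer and return what the table did."""
    table = SessionTable(per_port=PER_PORT_IDLE_TIMEOUT)
    results = {}

    table.packet(TELNET_A, now=0)
    table.packet(HTTP_B, now=0)
    table.packet(TELNET_A, now=1800)                  # traffic resets the telnet timer
    results["expired_at_3700"] = table.sweep(now=3700)  # only HTTP_B (idle 3700s > 3600s)

    table.packet(TELNET_A, now=4000, fin=True)        # graceful close by the end host
    results["active_after_fin"] = table.active()      # 0

    table.packet(TELNET_C, now=5000)                  # laptop battery dies, no FIN ever sent
    results["expired_before_telnet_timeout"] = table.sweep(now=5000 + 43200)  # still within 12h
    results["expired_after_telnet_timeout"] = table.sweep(now=5000 + 43201)   # now torn down
    results["active_end"] = table.active()
    return results


if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name}: {value}")
```

The sweep is the only place the timeout matters: an abandoned session costs one table entry until the sweep reaches it, which is the "small amount of RAM" the answer refers to, and the three bullet conditions above are exactly what would make that entry count approach the box's session limit.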
Thank you jayh. I went ahead and implemented and will keep an eye on performance. I just needed to sound board concerns off of someone.
Thanks for the quick response.