The disclosure relates to a method for managing connections in a firewall. The method includes receiving packets from an external network; generating a connection table; determining the total number of currently established connections; determining a level of firewall load by comparing the number of established connections with a threshold; identifying new and established connections based on two-way exchange of packets between a client and server; identifying closed connections based on processing ICMP error messages or flags in a TCP header; and dynamically determining current timeout values for connections from the network protocol type, the connection state, and the firewall load level. The method also includes modifying the last packet processing timestamp if any packet is passed within a given connection or a group of connections; and removing the connection if the last packet processing timestamp differs from the current time by a value greater than the timeout of said connection.