diff --git a/api/v1alpha1/timeout_types.go b/api/v1alpha1/timeout_types.go
index ccf50724305..36c0c320ed2 100644
--- a/api/v1alpha1/timeout_types.go
+++ b/api/v1alpha1/timeout_types.go
@@ -43,12 +43,27 @@ type HTTPTimeout struct {
 }
 
 type ClientTimeout struct {
+	// Timeout settings for TCP.
+	//
+	// +optional
+	TCP *TCPClientTimeout `json:"tcp,omitempty"`
+
 	// Timeout settings for HTTP.
 	//
 	// +optional
 	HTTP *HTTPClientTimeout `json:"http,omitempty"`
 }
 
+// TCPClientTimeout only provides timeout configuration on the listener whose protocol is TCP or TLS.
+type TCPClientTimeout struct {
+	// IdleTimeout for a TCP connection. Idle time is defined as a period in which there are no
+	// bytes sent or received on either the upstream or downstream connection.
+	// Default: 1 hour.
+	//
+	// +optional
+	IdleTimeout *gwapiv1.Duration `json:"idleTimeout,omitempty"`
+}
+
 type HTTPClientTimeout struct {
 	// RequestReceivedTimeout is the duration envoy waits for the complete request reception. This timer starts upon request
 	// initiation and stops when either the last byte of the request is sent upstream or when the response begins.
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
index f3fd72c38d1..f29855aab7e 100644
--- a/api/v1alpha1/zz_generated.deepcopy.go
+++ b/api/v1alpha1/zz_generated.deepcopy.go
@@ -679,6 +679,11 @@ func (in *ClientTLSSettings) DeepCopy() *ClientTLSSettings {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ClientTimeout) DeepCopyInto(out *ClientTimeout) {
 	*out = *in
+	if in.TCP != nil {
+		in, out := &in.TCP, &out.TCP
+		*out = new(TCPClientTimeout)
+		(*in).DeepCopyInto(*out)
+	}
 	if in.HTTP != nil {
 		in, out := &in.HTTP, &out.HTTP
 		*out = new(HTTPClientTimeout)
@@ -4302,6 +4307,26 @@ func (in *TCPActiveHealthChecker) DeepCopy() *TCPActiveHealthChecker {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *TCPClientTimeout) DeepCopyInto(out *TCPClientTimeout) {
+	*out = *in
+	if in.IdleTimeout != nil {
+		in, out := &in.IdleTimeout, &out.IdleTimeout
+		*out = new(v1.Duration)
+		**out = **in
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPClientTimeout.
+func (in *TCPClientTimeout) DeepCopy() *TCPClientTimeout {
+	if in == nil {
+		return nil
+	}
+	out := new(TCPClientTimeout)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *TCPKeepalive) DeepCopyInto(out *TCPKeepalive) {
 	*out = *in
diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml
index b45522e3e39..a9d3fb95fcf 100644
--- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml
+++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml
@@ -348,6 +348,17 @@ spec:
                         pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
                         type: string
                     type: object
+                  tcp:
+                    description: Timeout settings for TCP.
+                    properties:
+                      idleTimeout:
+                        description: |-
+                          IdleTimeout for a TCP connection. Idle time is defined as a period in which there are no
+                          bytes sent or received on either the upstream or downstream connection.
+                          Default: 1 hour.
+                        pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
+                        type: string
+                    type: object
                 type: object
               tls:
                 description: TLS settings configure TLS termination settings with
diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md
index 716ad0bc78d..6ac4fe6b123 100644
--- a/site/content/en/latest/api/extension_types.md
+++ b/site/content/en/latest/api/extension_types.md
@@ -518,6 +518,7 @@ _Appears in:_
 
 | Field | Type | Required | Description |
 | ---   | ---  | ---      | ---         |
+| `tcp` | _[TCPClientTimeout](#tcpclienttimeout)_ |  false  | Timeout settings for TCP. |
 | `http` | _[HTTPClientTimeout](#httpclienttimeout)_ |  false  | Timeout settings for HTTP. |
 
 
@@ -3263,6 +3264,20 @@ _Appears in:_
 | `receive` | _[ActiveHealthCheckPayload](#activehealthcheckpayload)_ |  false  | Receive defines the expected response payload. |
 
 
+#### TCPClientTimeout
+
+
+
+TCPClientTimeout only provides timeout configuration on the listener whose protocol is TCP or TLS.
+
+_Appears in:_
+- [ClientTimeout](#clienttimeout)
+
+| Field | Type | Required | Description |
+| ---   | ---  | ---      | ---         |
+| `idleTimeout` | _[Duration](#duration)_ |  false  | IdleTimeout for a TCP connection. Idle time is defined as a period in which there are no<br />bytes sent or received on either the upstream or downstream connection.<br />Default: 1 hour. |
+
+
 #### TCPKeepalive