R3303-HP HSR6800 Routers Security Configuration Guide

• Supporting ICMP error packet mapping and allowing the system to search for original sessions according to the payload of these packets. Because error packets are generated due to host errors, the mapping can help speed up the aging of the original sessions.
• Supporting persistent sessions, which are not aged within a long period of time.
• Supporting session management of control channels and dynamic data channels of application layer protocols, for example, FTP.
• Supporting limiting the number of session-based connections. For more information, see "Configuring connection limits."
Session management task list
| Task | Remarks |
|---|---|
| Setting session aging times based on protocol state | Optional |
| Configuring session aging time based on application layer protocol type | Optional |
| Configuring early aging for sessions | Optional |
| Setting the maximum number of sessions | Optional |
| Enabling checksum verification | Optional |
| Specifying the persistent session rule | Optional |
| Clearing sessions manually | Optional |
These tasks are mutually independent and can be configured in any order. You can configure them as
required.
Setting session aging times based on protocol state
If the application layer protocol of a session supports session aging time configuration, the session takes
the session aging time set based on the application layer protocol type as its aging time when it is in the
READY/ESTABLISH state. For more information about the configuration, see "Configuring session aging
time based on application layer protocol type."
If a session entry is not matched with any packets in a specified period of time, the entry will be aged out.
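A simplified model of the aging rule above together with the ICMP error packet mapping listed among the session management features, as an added example that is not HP's implementation or code from this guide. It reads the original IPv4 header and ports quoted in an ICMP error payload, finds the matching session, shortens its lifetime, and then ages out expired entries. The session table layout, the 5-second `EARLY_AGING` value, and all addresses and ports are assumptions constructed for illustration.

```python
import socket
import struct

ICMP_ERROR_TYPES = {3, 11, 12}  # destination unreachable, time exceeded, parameter problem
EARLY_AGING = 5                 # seconds left to a session after an error (assumed value)

def original_session_key(icmp):
    """Return (proto, src, sport, dst, dport) quoted in an ICMP error, else None."""
    if len(icmp) < 8 or icmp[0] not in ICMP_ERROR_TYPES:
        return None
    inner = icmp[8:]                      # quoted original IPv4 header + first L4 bytes
    if len(inner) < 20 or inner[0] >> 4 != 4:
        return None
    ihl = (inner[0] & 0x0F) * 4           # header length of the quoted packet
    proto = inner[9]
    if ihl < 20 or proto not in (6, 17) or len(inner) < ihl + 4:
        return None                       # only TCP/UDP carry ports; reject truncation
    src = socket.inet_ntoa(inner[12:16])
    dst = socket.inet_ntoa(inner[16:20])
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return (proto, src, sport, dst, dport)

def handle_icmp_error(sessions, icmp, now):
    """Map an ICMP error to its session and bring the expiry forward."""
    key = original_session_key(icmp)
    if key not in sessions:               # unparsable or unknown: ignore the packet
        return None
    sessions[key] = min(sessions[key], now + EARLY_AGING)
    return key

def age_out(sessions, now):
    """Delete entries whose expiry time has passed; return the removed keys."""
    expired = [k for k, expiry in sessions.items() if expiry <= now]
    for k in expired:
        del sessions[k]
    return expired

def build_sample_error(src, dst, sport, dport):
    """Constructed sample: ICMP port unreachable quoting a UDP datagram (checksums 0)."""
    inner_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                           socket.inet_aton(src), socket.inet_aton(dst))
    inner_udp = struct.pack("!HHHH", sport, dport, 8, 0)
    return struct.pack("!BBHI", 3, 3, 0, 0) + inner_ip + inner_udp
```

The model does not verify checksums and matches only the forward direction of a session.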
IMPORTANT:
For a large number of sessions (more than 800000), do not specify too short an aging time. Otherwise, the
console might be slow in response.
To set the session aging times based on protocol state:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |