F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

131

132

133

134

135

136

137

138

139

140

124

Field Descri

tion

UDP Connection Count

Number of full UDP connections.

UDP Connection Rate

Sampled UDP connection establishment rate in a 5-second interval.

ICMP Connection Count

Number of full ICMP connections.

ICMP Connection Rate

Sampled ICMP connection establishment rate in a 5-second interval.

RAWIP Connection Count

Number of current RAWIP connections.

RAWIP Connection Rate

Sampled RAWIP connection establishment rate in a 5-second interval.

47B

Configuring session management at the CLI

177BSession management task list

Task Remarks

641H

Setting session aging time for different protocol states Optional

642H

Setting session aging time for application layer protocol Optional

643H

Enabling checksum verification Optional

644H

Specifying persistent sessions Optional

645H

Configuring the operating mode for session management Optional

646H

Enabling session synchronization for stateful failover Optional

These tasks are mutually independent and can be configured in any order.

340BSetting session aging time for different protocol states

If the application layer protocol of a session supports session aging time configuration, the session takes

the session aging time set based on the application layer protocol type as its aging time when it is in the

READY/ESTABLISH state. For more information about the configuration, see "

647HSetting session aging time

for application layer protocol."

If a session entry is not matched with any packets in a specified period of time, the entry will be aged out.

IMPORTANT:

For a lar

e amount of sessions (more than 800000), do not specify too short a

time. Otherwise, the

console might be slow in response.

To set the session aging times based on protocol state:

Ste

Command

Remarks

1. Enter system view. system-view N/A

2. Set the aging time for sessions

of a specified protocol and in

a specified state.

session aging-time { accelerate | fin |

icmp-closed | icmp-open | rawip-open |

rawip-ready | syn | tcp-est | udp-open |

udp-ready } time-value

This aging time setting is

effective on only the

sessions that are being

established.