F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100
Setting session aging time for application layer protocols
For sessions in the READY (with UDP) or ESTABLISH (with TCP) state, you can set the session aging times
according to the types of the application layer protocols to which the sessions belong.
IMPORTANT:
For a large number of sessions (more than 800000), do not specify too short an aging time. Otherwise, the
console might be slow in response.
To set session aging times based on application layer protocol type:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Set the aging time for sessions of an application layer protocol. | application aging-time { dns \| ftp \| msn \| qq \| sip } time-value | Aging times set in this command apply only to sessions in the READY/ESTABLISH state. |
Enabling checksum verification
To make sure session tracking is not affected by packets with checksum errors, you can enable checksum
verification for protocol packets. With checksum verification enabled, the session management feature
processes only packets with correct checksums, and packets with incorrect checksums will be processed
by other services based on the session management.
IMPORTANT:
Checksum verification might degrade the device performance. Enable it with caution.
To enable checksum verification for protocol packets:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enable checksum verification. | session checksum { all \| { icmp \| tcp \| udp } * } | Disabled by default. |
Specifying persistent sessions
You can designate the sessions that match the permit statements in a specific basic or advanced ACL as
persistent sessions, and either give them a longer lifetime or configure them to never age out. A lifelong
session is not removed until the device receives a connection close request from the initiator or responder,
or you manually clear the session entries.
For more information about the configuration of basic and advanced ACLs, see Access Control
Configuration Guide.
To specify persistent sessions:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Specify persistent sessions. | session persist acl acl-number [ aging-time time-value ] | By default, no persistent sessions are specified. If you configure this command multiple times, the last configuration takes effect. |
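
The following is an added example, not part of the HP guide: a small Python reviewer that replays a change script built from the three commands above and reports what is left in effect, including a persistent-session ACL silently replaced by a later session persist acl command. The script contents, ACL numbers and time values are constructed, and treating repeated session checksum commands as cumulative is an assumption.

```python
import re

# Constructed sample change script; ACL numbers and time values are made up.
SAMPLE_SCRIPT = """\
system-view
application aging-time dns 30
application aging-time ftp 1800
session checksum tcp udp
session persist acl 3000 aging-time 72
session persist acl 3010
"""

APP_RE = re.compile(r"^application aging-time (dns|ftp|msn|qq|sip) (\d+)$")
CSUM_RE = re.compile(r"^session checksum ((?:all|icmp|tcp|udp)(?: (?:icmp|tcp|udp))*)$")
PERSIST_RE = re.compile(r"^session persist acl (\d+)(?: aging-time (\d+))?$")


def effective_settings(script):
    """Replay the script in order and return the settings left in effect."""
    state = {"app_aging": {}, "checksum": set(), "persist": None, "overridden_acls": []}
    for line in (l.strip() for l in script.splitlines()):
        if m := APP_RE.match(line):
            state["app_aging"][m.group(1)] = int(m.group(2))
        elif m := CSUM_RE.match(line):
            protos = set(m.group(1).split())
            # Assumption: repeated "session checksum" commands add protocols.
            state["checksum"] |= {"icmp", "tcp", "udp"} if "all" in protos else protos
        elif m := PERSIST_RE.match(line):
            if state["persist"]:  # the last configuration takes effect
                state["overridden_acls"].append(state["persist"]["acl"])
            aging = int(m.group(2)) if m.group(2) else None  # None: keyword omitted
            state["persist"] = {"acl": int(m.group(1)), "aging_time": aging}
    return state


def review(script):
    """Return notes on settings that may not match the operator's intent."""
    s = effective_settings(script)
    notes = [f"ACL {acl}: persistent-session binding replaced by a later command"
             for acl in s["overridden_acls"]]
    missing = {"icmp", "tcp", "udp"} - s["checksum"]
    if missing:  # checksum verification is disabled by default
        notes.append("checksum verification not enabled for: " + ", ".join(sorted(missing)))
    return notes


if __name__ == "__main__":
    print(effective_settings(SAMPLE_SCRIPT), review(SAMPLE_SCRIPT), sep="\n")
```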