F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices System Management and Maintenance Configuration Guide-6PW100

Configuring TCP timers
You can configure the following TCP timers:
• synwait timer—When sending a SYN packet, TCP starts the synwait timer. If no response packet is
  received within the synwait timer interval, the TCP connection cannot be created.
• finwait timer—When a TCP connection is changed into FIN_WAIT_2 state, the finwait timer is
  started.
  ○ If no FIN packet is received within the timer interval, the TCP connection is terminated. If a FIN
    packet is received, the TCP connection state changes to TIME_WAIT.
  ○ If a non-FIN packet is received, the system restarts the timer upon receiving the last non-FIN
    packet. The connection is broken after the timer expires.
The actual finwait timer is determined by the following formula:
Actual finwait timer = (Configured finwait timer – 75) + configured synwait timer
To configure TCP timers:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Configure TCP timers. | Configure the TCP synwait timer: tcp timer syn-timeout time-value. Configure the TCP finwait timer: tcp timer fin-timeout time-value | Optional. By default: The synwait timer is 75 seconds. The finwait timer is 675 seconds. |
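The finwait behaviour and formula above, worked through as an added Python example that is not part of the HP guide. It reads the two tcp timer commands from a configuration fragment, falls back to the documented defaults when a command is absent (an assumption about how the configuration is stored), and replays packets against a connection in FIN_WAIT_2. The function names and sample values are constructed for illustration.

```python
# Added example: names and sample values below are constructed for illustration.
DEFAULT_SYNWAIT = 75   # seconds, default stated in the guide
DEFAULT_FINWAIT = 675  # seconds, default stated in the guide


def actual_finwait(config_text):
    """Apply the guide's formula to 'tcp timer' lines in a configuration."""
    syn, fin = DEFAULT_SYNWAIT, DEFAULT_FINWAIT
    for line in config_text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[:2] == ["tcp", "timer"]:
            if parts[2] == "syn-timeout":
                syn = int(parts[3])
            elif parts[2] == "fin-timeout":
                fin = int(parts[3])
    # Actual finwait timer = (configured finwait - 75) + configured synwait
    return (fin - 75) + syn


def simulate_fin_wait_2(timeout, packets):
    """Replay packets against a connection that entered FIN_WAIT_2 at t=0.

    packets: time-ordered (seconds, kind) tuples; kind is "FIN" or anything else.
    Returns (resulting_state, time_of_transition_in_seconds).
    """
    deadline = timeout
    for t, kind in packets:
        if t >= deadline:
            break                      # timer expired before this packet arrived
        if kind == "FIN":
            return ("TIME_WAIT", t)    # FIN received in time
        deadline = t + timeout         # non-FIN packet restarts the timer
    return ("TERMINATED", deadline)


# Constructed configuration fragment (values chosen for the example).
SAMPLE_CONFIG = """\
tcp timer syn-timeout 30
tcp timer fin-timeout 300
"""

if __name__ == "__main__":
    timeout = actual_finwait(SAMPLE_CONFIG)
    print("actual finwait timer:", timeout)
    print(simulate_fin_wait_2(timeout, []))
    print(simulate_fin_wait_2(timeout, [(100, "ACK"), (300, "ACK"), (500, "FIN")]))
    print(simulate_fin_wait_2(timeout, [(100, "ACK"), (400, "FIN")]))
```

The second replay shows that non-FIN traffic keeps the connection in FIN_WAIT_2 past the nominal timer, which matters when estimating how long such connections remain open on the device.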
Configuring ICMP to send error packets
Sending error packets is a major function of ICMP. Error packets are usually sent by the network or
transport layer protocols to notify the source device of network failures or errors.
Advantages of sending ICMP error packets
ICMP error packets include redirect, timeout, and destination unreachable packets.
• ICMP redirect packets
  A host may have only a default route to the default gateway in its routing table after startup. If the
  following conditions are satisfied, the default gateway sends ICMP redirect packets to the source
  host, telling it to reselect a correct next hop to send the subsequent packets:
  ○ The receiving and forwarding interfaces are the same.
  ○ The selected route has not been created or modified by an ICMP redirect packet.
  ○ The selected route is not the default route of the device.
  ○ There is no source route option in the packet.
  The ICMP redirect packets function simplifies host administration and enables a host to gradually
  optimize the routing table.
• ICMP timeout packets