R3166-R3206-HP High-End Firewalls Access Control Configuration Guide-6PW101
• Supporting port mapping for application layer protocols and allowing application layer protocols
to use customized ports and adopt different session timeout intervals.
• Supporting ICMP error packet mapping and allowing the system to search for original sessions
according to the payload of these packets. Because ICMP error packets are generated due to errors,
the mapping can help speed up the aging of the original sessions.
• Supporting session management of control channels and dynamic data channels of application
layer protocols such as FTP, DNS, MSN and QQ.
• Supporting session management of both the unidirectional and bidirectional traffic (the hybrid
mode). Bidirectional traffic environment means that packets in both of the two directions pass the
device. Unidirectional traffic environment means that packets in only one direction pass the device;
in this case, the normal session state machine of the device cannot process the packets. After the
unidirectional traffic detection mode is enabled, session management adopts a special session
state machine, which can process the bidirectional and the unidirectional packets simultaneously.
NOTE:
After unidirectional traffic detection is enabled, some service functions cannot be supported. For
example, ASPF will not check the first TCP packet that is not SYN. Therefore, the system security will be
degraded. If there is unidirectional traffic in the network, you need to enable unidirectional traffic
detection to ensure normal processing of the unidirectional traffic. However, if there is no unidirectional
traffic in the network, HP recommends that you disable unidirectional traffic detection to ensure
system security.
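The ICMP error packet mapping in the feature list above can be illustrated as follows. This is an added example, not HP's implementation: it parses the packet quoted in an ICMP error payload, finds the matching session in either direction, and shortens its remaining aging time. The function names, the session table layout, and the 5-second fast-aging value are assumptions.

```python
import socket
import struct

ICMP_ERROR_TYPES = {3, 11, 12}  # destination unreachable, time exceeded, parameter problem

def embedded_flow(icmp):
    """Return (proto, src, sport, dst, dport) of the packet quoted in an ICMP error, else None."""
    if len(icmp) < 8 + 20 or icmp[0] not in ICMP_ERROR_TYPES:
        return None
    inner = icmp[8:]                      # quoted original IPv4 header + first L4 bytes
    ihl = (inner[0] & 0x0F) * 4           # quoted header length, IP options included
    proto = inner[9]
    if inner[0] >> 4 != 4 or ihl < 20 or proto not in (6, 17) or len(inner) < ihl + 4:
        return None                       # not IPv4 TCP/UDP, or truncated before the ports
    src = socket.inet_ntoa(inner[12:16])
    dst = socket.inet_ntoa(inner[16:20])
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return (proto, src, sport, dst, dport)

def handle_icmp_error(sessions, icmp, fast_age=5):
    """Map an ICMP error to its original session and cut the aging time (fast_age is assumed)."""
    flow = embedded_flow(icmp)
    if flow is None:
        return None
    proto, src, sport, dst, dport = flow
    # The quoted packet may belong to either direction of the session.
    for key in (flow, (proto, dst, dport, src, sport)):
        if key in sessions:
            sessions[key] = min(sessions[key], fast_age)
            return key
    return None                           # no matching session: nothing is aged

def build_icmp_error(icmp_type, code, proto, src, sport, dst, dport):
    """Constructed sample: ICMP error quoting a 20-byte IPv4 header and 8 L4 bytes."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    l4 = struct.pack("!HHI", sport, dport, 0)
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + ip + l4

# Constructed session table: flow key -> remaining aging time in seconds.
SESSIONS = {
    (17, "192.0.2.10", 40000, "198.51.100.5", 53): 60,
    (6, "192.0.2.10", 51515, "198.51.100.7", 443): 3600,
}
```

An ICMP error whose quoted flow matches no session returns None and leaves the table unchanged, so only errors tied to a tracked session affect aging.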
Configuring session management in the web interface
Configuration task list
Complete the following tasks to configure session management:
• Configuring basic session management settings
• Displaying and maintaining session management information
• Displaying session statistics
Configuring basic session management settings
Task: Configuring basic session management settings
Remarks: Optional
Basic session management settings include:
• Configuring whether to enable unidirectional traffic detection
• Configuring long-term session rule
• Configuring aging times for protocol states, which are effective only for
sessions being established
• Configuring aging times for application layer protocols, which are effective
only for the sessions in the READY or ESTABLISHED state.