R3166-R3206-HP High-End Firewalls Access Control Configuration Guide-6PW101

CAUTION:
For a large amount of sessions (more than 800000), do not specify too short an aging time. Otherwise, the console might be slow in response.
Enabling checksum verification
To ensure that session tracking is not affected by packets with checksum errors, you can enable checksum
verification for protocol packets. With checksum verification enabled, the session management feature
processes only packets with correct checksums, and packets with incorrect checksums will be processed
by other services based on the session management.
Follow these steps to enable checksum verification for protocol packets:
To do...                       Use the command...                                  Remarks
Enter system view              system-view
Enable checksum verification   session checksum { all | { icmp | tcp | udp } * }   Required. Disabled by default.
CAUTION:
Checksum verification might degrade the device performance. Enable it with caution.
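As an added illustration (not taken from the HP guide or the device software), the Python sketch below models why a session table should see only packets with correct checksums, narrowed to ICMP echo messages. The function names, the toy session table keyed by ICMP identifier, and the sample packets are assumptions constructed for this example; TCP and UDP checksums also cover a pseudo-header that is not modelled here.

```python
import struct

def internet_checksum(data: bytes) -> int:
    """RFC 1071: one's-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp_echo(ident: int, seq: int, payload: bytes) -> bytes:
    """Build an ICMP echo request (type 8, code 0) with a correct checksum."""
    unsummed = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + payload
    csum = internet_checksum(unsummed)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload

def icmp_checksum_ok(msg: bytes) -> bool:
    """A valid message, summed with its checksum field included, yields 0."""
    return len(msg) >= 8 and internet_checksum(msg) == 0

def track(messages, verify_checksum: bool) -> set:
    """Toy session table keyed by ICMP identifier (assumed model, not device code)."""
    sessions = set()
    for msg in messages:
        if len(msg) < 8:
            continue                         # too short to carry an ICMP echo header
        if verify_checksum and not icmp_checksum_ok(msg):
            continue                         # withheld from session tracking
        sessions.add(struct.unpack("!H", msg[4:6])[0])
    return sessions

# Constructed sample traffic: one intact echo request, one corrupted in transit.
GOOD = build_icmp_echo(0x1234, 1, b"ping")
_damaged = bytearray(build_icmp_echo(0xBEEF, 1, b"ping"))
_damaged[-1] ^= 0xFF                         # flip bits in the last payload byte
BAD = bytes(_damaged)

if __name__ == "__main__":
    print("verification off:", sorted(hex(i) for i in track([GOOD, BAD], False)))
    print("verification on: ", sorted(hex(i) for i in track([GOOD, BAD], True)))
```

With verification off, the damaged packet creates a second session entry; with it on, only the intact packet is tracked.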
Specifying the persistent session rule
You can set sessions that have specific characteristics as persistent sessions. The aging time of a
persistent session does not vary with session state transitions, and a persistent session is not
removed because no packets match it. A persistent session can be given an aging time that is
longer than that of common sessions, or be configured as a permanent connection, which is
cleared only when the session initiator or responder sends a request to close it or you clear it manually.
You can set the persistent session criteria by specifying a basic or advanced access control list (ACL). All
sessions permitted by the ACL are persistent sessions.
NOTE:
For more information about the configuration of basic and advanced ACLs, see Access Control Configuration Guide.
Follow these steps to specify the persistent session rule:
To do...                              Use the command...                                         Remarks
Enter system view                     system-view
Specify the persistent session rule   session persist acl acl-number [ aging-time time-value ]   Required. Not specified by default.
NOTE:
A persistent session rule can reference only one ACL.