Manualshelf

R3721-F3210-F3171-HP High-End Firewalls Access Control Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
101102103104105106107108109110
95
Field Descri
p
tion
TCP Half-Open Connection
Count
Number of TCP half-open connections
TCP Half-Close Connection
Count
Number of TCP half-close connections
TCP Connection Rate
TCP connection establishment rate in a 5-second sampling interval
UDP Connection Count
Number of full UDP connections
UDP Connection Rate
UDP connection establishment rate in a 5-second sampling interval
ICMP Connection Count
Number of full ICMP connections
ICMP Connection Rate
ICMP connection establishment rate in a 5-second sampling interval
RAWIP Connection Count
Number of current RAWIP connections
RAWIP Connection Rate
RAWIP connection establishment rate in a 5-second sampling interval
Configuring session management at the CLI
In session management, you can set session aging timers based on protocol state and based on
application layer protocol type, enable checksum verification, specify the persistent session rule, and
clear sessions. These tasks are order independent. You can perform these tasks in any order.
Setting session aging times based on protocol states
This aging timer settings are effective only to the sessions that are being established.
If the application layer protocol of a session supports session aging time configuration, the session takes
the session aging time set based on the application layer protocol type as its aging time when it is in the
READY/ESTABLISH state. For more information about the configuration, see "Configuring session aging
timer
s based on application layer protocol types."
If a session entry is not matched with any packets in a specified period of time, the entry will be aged out.
To set the session aging timers based on protocol states:
Ste
p
Command
1. Enter system view.
system-view
2. Set the aging timer for the sessions
of a specified protocol and in a
specified state.
session aging-time { accelerate | fin | icmp-closed | icmp-open |
rawip-open | rawip-ready | syn | tcp-est | udp-open |
udp-ready } time-value
IMPORTANT:
For a lar
g
e amount of sessions (more than 800000), do not specify a too short a
g
in
g
timer. Otherwise, the
console might be slow in response.