R3303-HP HSR6800 Routers Security Configuration Guide
360
Ste
p
Command
Remarks
2. Set the aging time for sessions
of a specified protocol and in
a specified state.
session aging-time { accelerate |
fin | icmp-closed | icmp-open |
rawip-open | rawip-ready | syn |
tcp-est | udp-open | udp-ready }
time-value
This aging time setting is effective
for only the sessions that are being
established.
The defaults are as follows
:
• accelerate—10 seconds.
• fin—30 seconds.
• icmp-closed—30 seconds.
• icmp-open—60 seconds.
• rawip-open—30 seconds.
• rawip-ready—60 seconds.
• syn—30 seconds.
• tcp-est—3600 seconds.
• udp-open—30 seconds.
• udp-ready—60 seconds.
Configuring session aging time based on application layer
protocol type
For sessions in the READY (with UDP) or ESTABLISH (with TCP) state, you can set the session aging times
according to the types of the application layer protocols to which the sessions belong.
IMPORTANT:
For a lar
g
e amount of sessions (more than 800000), do not specify too short a
g
in
g
time. Otherwise, the
console might be slow in response.
To set session aging times based on application layer protocol type:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Set the aging time for sessions
of an application layer
protocol.
application aging-time { dns | ftp |
msn | qq | sip } time-value
Aging times set in this command
applies to only the sessions in the
READY/ESTABLISH state.
The defaults are as follows:
• dns—60 seconds.
• ftp—3600 seconds.
• msn—3600 seconds.
• qq—60 seconds.
• sip—300 seconds.
HP recommends you set a larger
value for the age time than the FTP
packet keepalive interval.