HP MSR2000/3000/4000 Router Series Security Configuration Guide
262
Ste
p
Command
Remarks
2. Set the session aging time for
different protocol states
session aging-time state { fin |
icmp-reply | icmp-request |
rawip-open | rawip-ready | syn |
tcp-est | udp-open | udp-ready }
time-value
By default, the session aging time
is as follows:
• FIN-WAIT: 30 seconds.
• ICMP-REPLY: 30 seconds.
• ICMP-REQUEST: 60 seconds.
• RAWIP-OPEN: 30 seconds.
• RAWIP-READY: 60 seconds.
• TCP SYN-SENT and SYN-RCV:
30 seconds.
• TCP-ESTABLISHED: 3600
seconds.
• UDP-OPEN: 30 seconds.
• UDP-READY: 60 seconds.
Setting the session aging time for different
application layer protocols
IMPORTANT:
For more than 800000 sessions, do not set short aging time. Otherwise, the device might be slow in
response.
The aging time for session of different application layer protocols are valid for TCP sessions in
ESTABLISHED state or UDP sessions in READY state. If a session has no packet hit before the aging time
expires, the device automatically removes the session. For sessions used by other application layer
protocols, the aging time for sessions in different protocol states applies.
Set an appropriate aging time to guarantee protocol packet exchange. For example, if the aging time for
FTP session is shorter than the interval for sending FTP keepalive messages, an FTP session cannot be
maintained.
To set the session aging time for different application layer protocols:
Ste
p
Command
Remarks
1. Enter system view.
system-view
N/A
2. Set the session aging time for
different application layer
protocols.
session aging-time application
{ dns | ftp | gtp | h225 | h245 |
ras | rtsp | sip | tftp } time-value
By default, the session aging time
is as follows:
• DNS: 60 seconds.
• FTP: 3600 seconds.
• GTP: 60 seconds.
• H.225: 3600 seconds.
• H.245: 3600 seconds.
• RAS: 300 seconds.
• RTSP: 3600 seconds.
• SIP: 300 seconds.
• TFTP: 60 seconds.