R0106-HP MSR Router Series Security Configuration Guide(V7)
378
• Creates sessions for protocol packets, updates session states, and sets aging time for sessions in
different protocol states.
• Supports port mapping for application layer protocols (see "Configuring PBAR"), enabling
application layer protocols to use customized ports.
• Sets aging time for sessions based on application layer protocols.
• Supports ICMP/ICMPv6 error packet mapping, enabling the device to search for original sessions
according to the payloads in the ICMP/ICMPv6 error packets.
Because error packets are generated due to host errors, the mapping can help speed up the aging
of the original sessions.
• Supports persistent sessions, which are kept alive for a long period of time.
• Supports session management for the control channels and dynamic data channels of application
layer protocols, for example, FTP.
Session management task list
Tasks at a
g
lance
(Optional.) Setting the session aging time for different protocol states
(Optional.) Setting the session aging time for different application layer protocols
(Optional.) Specifying persistent sessions
(Optional.) Configuring session logging
Except for configuring session logging, all other tasks are mutually independent and can be configured
in any order.
Setting the session aging time for different protocol
states
IMPORTANT:
For more than 800000 sessions, do not set short aging time. Otherwise, the device might be slow in
response.
If a session in a certain protocol state has no packet hit before the aging time expires, the device
automatically removes the session.
To set the session aging time for different protocol states:
Ste
p
Command
Remarks
1. Enter system view.
system-view
N/A