R0106-HP MSR Router Series Security Configuration Guide(V7)

Step 2. Set the session aging time for different application layer protocols.
Command: session aging-time application { dns | ftp | gtp | h225 | h245 | ils | mgcp | nbt | pptp | ras | rsh | rtsp | sccp | sip | sqlnet | tftp | xdmcp } time-value
Remarks: By default, the session aging time is as follows:
  DNS: 60 seconds.
  FTP: 3600 seconds.
  GTP: 60 seconds.
  H.225: 3600 seconds.
  H.245: 3600 seconds.
  RAS: 300 seconds.
  RTSP: 3600 seconds.
  SIP: 3600 seconds.
  TFTP: 60 seconds.
  ILS: 3600 seconds.
  MGCP: 60 seconds.
  NBT: 3600 seconds.
  PPTP: 3600 seconds.
  RSH: 60 seconds.
  SCCP: 3600 seconds.
  SQLNET: 600 seconds.
  XDMCP: 3600 seconds.

Specifying persistent sessions
This task applies only to TCP sessions in ESTABLISHED state. You can specify TCP sessions that match the
permit statements in the specified ACL as persistent sessions, and either set a longer lifetime for them or
configure them to never age out. A never-age-out session is not removed until the device receives a connection close
request from the initiator or responder, or you manually clear the session entries.
For a TCP session in ESTABLISHED state, the priority order of the associated aging time is as follows:
1. Aging time for persistent sessions.
2. Aging time for sessions of application layer protocols.
3. Aging time for sessions in different protocol states.
To specify persistent sessions:
Step 1. Enter system view.
Command: system-view
Remarks: N/A

Step 2. Specify persistent sessions.
Command: session persistent acl [ ipv6 ] acl-number [ aging-time time-value ]
Remarks: By default, no persistent sessions are specified.
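
The priority order described above, as an added example that is not part of the HP guide: a Python model that reads the two session commands from a configuration listing and reports which aging time governs a given IPv4 TCP session in ESTABLISHED state, which helps when auditing how far a persistent-session ACL reaches. The ACL model, the sample addresses, the 1200 and 72 values, and the state_aging argument are assumptions; the persistent time-value is returned in the command's own unit, which this page does not state.

```python
import ipaddress

# Default application-layer aging times (seconds), copied from the table on this page.
APP_DEFAULTS = {
    "dns": 60, "ftp": 3600, "gtp": 60, "h225": 3600, "h245": 3600, "ras": 300,
    "rtsp": 3600, "sip": 3600, "tftp": 60, "ils": 3600, "mgcp": 60, "nbt": 3600,
    "pptp": 3600, "rsh": 60, "sccp": 3600, "sqlnet": 600, "xdmcp": 3600,
}

def parse_config(text):
    """Collect the two commands documented above from a configuration listing."""
    app_aging, persistent = dict(APP_DEFAULTS), []
    for line in text.splitlines():
        tok = line.split()
        if tok[:3] == ["session", "aging-time", "application"] and len(tok) == 5:
            app_aging[tok[3]] = int(tok[4])
        elif tok[:3] == ["session", "persistent", "acl"] and "ipv6" not in tok:
            # time-value stays in the command's own unit; None = option not given
            aging = int(tok[5]) if len(tok) == 6 and tok[4] == "aging-time" else None
            persistent.append((int(tok[3]), aging))
    return app_aging, persistent

def acl_permits(rules, sess):
    """Hypothetical, simplified ACL: permit rules of (src_net, dst_net, dst_port)."""
    return any(
        ipaddress.ip_address(sess["src"]) in ipaddress.ip_network(src)
        and ipaddress.ip_address(sess["dst"]) in ipaddress.ip_network(dst)
        and sess["dport"] == port
        for src, dst, port in rules
    )

def effective_aging(sess, app_aging, persistent, acls, state_aging):
    """Apply the priority order for a TCP session in ESTABLISHED state."""
    for acl_number, aging in persistent:
        if acl_permits(acls.get(acl_number, []), sess):
            return ("persistent", aging)  # 1. persistent sessions
    if sess.get("app") in app_aging:
        return ("application", app_aging[sess["app"]])  # 2. application layer
    return ("state", state_aging)  # 3. protocol state (value supplied by caller)

# Constructed sample input (not from the guide).
CONFIG = """\
session aging-time application sqlnet 1200
session persistent acl 3000 aging-time 72
"""
ACLS = {3000: [("192.168.10.0/24", "10.0.0.5/32", 1521)]}
APP_AGING, PERSISTENT = parse_config(CONFIG)
```

A session that the persistent ACL permits reports ("persistent", 72) regardless of its application protocol, so every permit rule in that ACL widens the set of sessions that bypass the shorter timers.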
Configuring session logging
Session logs provide information about user access, IP address translation, and network traffic for
security auditing. These logs are sent to the log server or the information center.
The device supports time-based or traffic-based logging: