Manualshelf

HP VPN Firewall Appliances Access Control Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
111112113114115116117118119120
110
Supports ICMP error packet mapping and allows the system to search for original sessions
according to the payload of these packets.
Because error packets are generated due to host errors, the mapping can help speed up the aging
of the original sessions.
Supports persistent sessions, which are kept alive for a long period of time. Only TCP sessions in
ESTABLISHED state can be specified as persistent sessions.
Supports session management for control channels and dynamic data channels of application layer
protocols, for example, FTP.
Supports limiting the number of session-based connections. For more information, see "Configuring
connection limits."
Configuring session management in the Web
interface
Configuring basic session management settings
Basic session management settings include:
Configuring whether to enable unidirectional traffic detection.
Configuring a persistent session rule, which is available only for TCP sessions in ESTABLISHED state.
Setting aging times for the sessions in different protocol states, which are effective only for the
sessions that are being established.
Setting aging times for the sessions of different application layer protocols, which are effective only
for the sessions in READY or ESTABLISHED state.
NOTE:
If too many sessions, for example, more than 800000 sessions, exist, do not set small values for the a
g
in
g
times of the sessions in different protocol states and of different application layer protocols. Otherwise, the
responses of the console will be very slow.
To configure the basic session management settings:
1. Select Firewall > Session Table > Configuration from the navigation tree.
The basic configuration page appears.