HP VPN Firewall Appliances Access Control Configuration Guide

Table 32 Configuration items

| Item | Description |
|---|---|
| Enable unidirectional traffic detection | Enable or disable unidirectional traffic detection. When unidirectional traffic detection is enabled, the session management feature processes both unidirectional and bidirectional traffic. When it is disabled, the session management feature processes only bidirectional traffic. When unidirectional traffic detection is enabled, some features cannot work correctly and system security is adversely affected. For example, ASPF cannot drop a non-SYN packet that is the first packet over a TCP connection. Enable unidirectional traffic detection only if unidirectional sessions exist, to ensure that they are processed normally. If no unidirectional sessions exist, disable it to protect system security. |
| ACL | Specify the ID of an ACL. Only one ACL can be referenced as the persistent session rule, and the last referenced ACL takes effect. If no ACL is specified, persistent sessions are not allowed. To configure an ACL, select Firewall > ACL from the navigation tree. For more information, see ACL configuration. |
| Session Aging Time | Set the aging time of persistent sessions. The value of 0 means that the persistent sessions will not be aged. |
| TCP Protocol: SYN_SENT State and SYN_RCV State Aging Time | Specify the SYN_SENT state and SYN_RCV state aging time for TCP. |
| TCP Protocol: FIN_WAIT State Aging Time | Specify the FIN_WAIT state aging time for TCP. |
| TCP Protocol: ESTABLISHED State Aging Time | Specify the ESTABLISHED state aging time for TCP. |
| UDP Protocol: OPEN State Aging Time | Specify the OPEN state aging time for UDP. |
| UDP Protocol: READY State Aging Time | Specify the READY state aging time for UDP. |
| ICMP Protocol: OPEN State Aging Time | Specify the OPEN state aging time for ICMP. |
| ICMP Protocol: CLOSED State Aging Time | Specify the CLOSED state aging time for ICMP. |
| Aging Accelerate Queue: Accelerate Queue Aging Time | Specify the accelerate queue aging time. |
| RAWIP Protocol: OPEN State Aging Time | Specify the OPEN state aging time for RAW IP. |
| RAWIP Protocol: READY State Aging Time | Specify the READY state aging time for RAW IP. |
| DNS Session Aging Time | Specify the DNS session aging time. |
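
The effect of the unidirectional traffic detection setting and of the per-state TCP aging times in Table 32, as an added example that is not from the HP guide: a simplified Python model of a TCP session table, not the appliance's implementation. The `SessionTable` class, the endpoints and the aging values are assumptions constructed for illustration, not device defaults.

```python
# Simplified model of a stateful TCP session table (illustrative, not HP code).
# Aging times in seconds are constructed sample values, not device defaults.
AGING = {"SYN_SENT": 30, "ESTABLISHED": 3600, "FIN_WAIT": 30}

class SessionTable:
    def __init__(self, unidirectional_detection):
        self.unidirectional = unidirectional_detection
        self.sessions = {}  # flow key -> [state, time last packet was seen]

    @staticmethod
    def key(src, dst):
        # Both directions of a flow share one session entry.
        return tuple(sorted((src, dst)))

    def expire(self, now):
        # Remove sessions idle for at least their state's aging time.
        for k, (state, seen) in list(self.sessions.items()):
            if now - seen >= AGING[state]:
                del self.sessions[k]

    def process(self, now, src, dst, flags):
        """Return 'permit' or 'drop' for one TCP packet."""
        self.expire(now)
        k = self.key(src, dst)
        entry = self.sessions.get(k)
        if entry is None:
            if flags == {"SYN"}:
                self.sessions[k] = ["SYN_SENT", now]
                return "permit"
            if self.unidirectional:
                # No handshake was seen: the non-SYN first packet is accepted
                # and a session is created mid-stream.
                self.sessions[k] = ["ESTABLISHED", now]
                return "permit"
            return "drop"  # strict mode: first packet must be a SYN
        state = entry[0]
        if "FIN" in flags:
            state = "FIN_WAIT"
        elif state == "SYN_SENT" and flags == {"ACK"}:
            state = "ESTABLISHED"  # handshake completed
        self.sessions[k] = [state, now]
        return "permit"

if __name__ == "__main__":
    a, b = ("10.0.0.5", 40000), ("192.0.2.10", 443)  # constructed endpoints
    for mode in (False, True):
        print(mode, SessionTable(mode).process(0, a, b, {"ACK"}))
```

With detection disabled the model drops a bare ACK that has no session, and a half-open session that outlives its SYN_SENT timer is removed before the late SYN+ACK arrives.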