HP VPN Firewall Appliances Access Control Configuration Guide

Field                    Description
RAWIP Connection Count   Number of current RAWIP connections.
RAWIP Connection Rate    Sampled RAWIP connection establishment rate in a 5-second interval.
NOTE:
A session cannot detect changes to the security zone where the interface resides, the security zone priority, or
virtual device attributes. Regardless of these changes, an established session always forwards packets until the
session ages out.
Configuring session management at the CLI
Session management task list
Task                                                         Remarks
Setting session aging time for different protocol states     Optional
Setting session aging time for application layer protocols   Optional
Enabling checksum verification                               Optional
Specifying persistent sessions                               Optional
Configuring the operating mode for session management        Optional
Enabling session synchronization for stateful failover       Optional
These tasks are mutually independent and can be configured in any order.
Setting session aging time for different protocol states
If the application layer protocol of a session supports session aging time configuration, the session takes
the session aging time set based on the application layer protocol type as its aging time when it is in the
READY/ESTABLISH state. For more information about the configuration, see "Setting session aging time
for application layer protocols."
If a session entry is not matched with any packets in a specified period of time, the entry will be aged out.
IMPORTANT:
For a large number of sessions (more than 800000), do not specify too short an aging time. Otherwise, the
console might be slow in response.
To set the session aging times based on protocol state:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Set the aging time for sessions of a specified protocol and in a specified state.
   Command: session aging-time { accelerate | fin | icmp-closed | icmp-open | rawip-open | rawip-ready | syn | tcp-est | udp-open | udp-ready } time-value
   Remarks: This aging time setting is effective on only the sessions that are being established.
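The following script is an added example, not part of the HP guide or any HP tool. It audits the session aging-time lines of a saved configuration against the state keywords listed above and against a site-chosen minimum, in line with the IMPORTANT note on short aging times. The function name, the floor parameter and the sample configuration are assumptions made for illustration; the guide gives no numeric threshold.

```python
# Added example: audit 'session aging-time' lines in a saved configuration.
STATES = {  # protocol-state keywords from the command syntax in this guide
    "accelerate", "fin", "icmp-closed", "icmp-open", "rawip-open",
    "rawip-ready", "syn", "tcp-est", "udp-open", "udp-ready",
}

def audit_aging_times(config_text, floor):
    """Return (settings, findings) for every 'session aging-time' line.

    floor is a site-chosen minimum time-value (hypothetical policy input;
    the guide gives no numeric threshold).
    """
    settings, findings = {}, []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        tok = line.split()
        if tok[:2] != ["session", "aging-time"]:
            continue  # not the command being audited
        if len(tok) != 4:
            findings.append((lineno, "expected: session aging-time <state> <time-value>"))
            continue
        state, value = tok[2], tok[3]
        if state not in STATES:
            findings.append((lineno, f"unknown state keyword '{state}'"))
            continue
        if not (value.isascii() and value.isdigit()) or int(value) == 0:
            findings.append((lineno, f"{state}: time-value must be a positive integer"))
            continue
        if state in settings:
            # Assumption: commands apply in order, so the last value wins.
            findings.append((lineno, f"{state}: set again (was {settings[state]})"))
        settings[state] = int(value)
        if settings[state] < floor:
            findings.append((lineno, f"{state}: {value} is below the site floor of {floor}"))
    return settings, findings

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
sysname fw-lab
session aging-time syn 20
session aging-time tcp-est 5
session aging-time udp-ready 60
session aging-time tcp-established 600
session aging-time fin
session aging-time syn 30
"""

if __name__ == "__main__":
    settings, findings = audit_aging_times(SAMPLE, floor=10)
    print(settings)
    for lineno, msg in findings:
        print(f"line {lineno}: {msg}")
```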