Manualshelf

HP VPN Firewall Appliances System Management and Maintenance Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
21222324252627282930
19
synwait timer—When sending a SYN packet, TCP starts the synwait timer. If no response packet is
received within the synwait timer interval, the TCP connection cannot be created.
finwait timer—When a TCP connection is changed into FIN_WAIT_2 state, the finwait timer is
started.
{ If no FIN packet is received within the timer interval, the TCP connection is terminated. If a FIN
packet is received, the TCP connection state changes to TIME_WAIT.
{ If a non-FIN packet is received, the system restarts the timer upon receiving the last non-FIN
packet. The connection is broken after the timer expires.
The actual finwait timer is determined by the following formula:
Actual finwait timer = (Configured finwait timer – 75) + configured synwait timer
To configure TCP timers:
Ste
Command
Remarks
1. Enter system view.
system-view N/A
2. Configure TCP timers.
Configure the TCP synwait timer:
tcp timer syn-timeout time-value
Configure the TCP finwait timer:
tcp timer fin-timeout time-value
Optional.
By default:
The synwait timer is 75 seconds.
The finwait timer is 675
seconds.
Configuring ICMP to send error packets
Sending error packets is a major function of ICMP. Error packets are usually sent by the network or
transport layer protocols to notify the source device of network failures or errors.
Advantages of sending ICMP error packets
ICMP error packets include redirect, timeout, and destination unreachable packets.
ICMP redirect packets
A host might have only a default route to the default gateway in its routing table after startup. If the
following conditions are met, the default gateway sends ICMP redirect packets to the source host,
telling it to reselect a correct next hop to send the subsequent packets:
{ The receiving and forwarding interfaces are the same.
{ The selected route has not been created or modified by an ICMP redirect packet.
{ The selected route is not the default route of the device.
{ There is no source route option in the packet.
The ICMP redirect packets function simplifies host administration and enables a host to gradually
optimize the routing table.
ICMP timeout packets
If the device receives an IP packet with a timeout error, it drops the packet and sends an ICMP
timeout packet to the source.
The device sends an ICMP timeout packet under the following conditions: