Configuring Session Aging Time Based On Application Layer Protocol Type - HP 6600 Security Configuration Manual
Hide thumbs
Also See for 6600:
- Command reference manual (286 pages) ,
- Configuration manual (236 pages) ,
- Installation and getting started manual (103 pages)
Table of Contents
Advertisement
Step
2.
Set the aging time for sessions
of a specified protocol and in
a specified state.
Configuring session aging time based on application layer
protocol type
For sessions in the READY (with UDP) or ESTABLISH (with TCP) state, you can set the session aging times
according to the types of the application layer protocols to which the sessions belong.
IMPORTANT:
For a large amount of sessions (more than 800000), do not specify too short aging time. Otherwise, the
console might be slow in response.
To set session aging times based on application layer protocol type:
Step
1.
Enter system view.
2.
Set the aging time for sessions
of an application layer
protocol.
Command
session aging-time { accelerate |
fin | icmp-closed | icmp-open |
rawip-open | rawip-ready | syn |
tcp-est | udp-open | udp-ready }
time-value
Command
system-view
application aging-time { dns | ftp |
msn | qq | sip } time-value
455
Remarks
This aging time setting is effective
for only the sessions that are being
established.
The defaults are as follows:
•
accelerate—10 seconds.
•
fin—30 seconds.
•
icmp-closed—30 seconds.
•
icmp-open—60 seconds.
•
rawip-open—30 seconds.
•
rawip-ready—60 seconds.
•
syn—30 seconds.
•
tcp-est—3600 seconds.
•
udp-open—30 seconds.
•
udp-ready—60 seconds.
Remarks
N/A
Aging times set in this command
applies to only the sessions in the
READY/ESTABLISH state.
The defaults are as follows:
•
dns—60 seconds.
•
ftp—3600 seconds.
•
msn—3600 seconds.
•
qq—60 seconds.
•
sip—300 seconds.
HP recommends you set a larger
value for the age time than the FTP
packet keepalive interval.
Advertisement
Table of Contents
Troubleshooting
