S9700 Core Routing Switch
Configuration Guide - SPU
2.9 Configuring the Aging Time of the Firewall Session Table
2.9.1 Establishing the Configuration Task
Before configuring the aging time of the firewall session table, familiarize yourself with the
applicable environment, complete the pre-configuration tasks, and obtain the data required for
the configuration. This will help you complete the configuration task quickly and accurately.
Applicable Environment
The SPU creates a session table for data flows of each protocol, such as TCP, UDP, and ICMP,
to record the connection status of the protocol. The aging time is set for the session table of the
firewall. If a record in the session table does not match any packet within the aging time, the
system deletes the record.
To change the aging time of protocol sessions, set the aging time of the firewall session table.
Data Preparation
To set the aging time of the firewall session table, you need the following data.
| No. | Data |
| --- | --- |
| 1 | Aging time of the session table of each application-layer protocol |

2.9.2 Configuring the Aging Time of the Firewall Session Table
If a session entry is not used within the specified period, the session becomes invalid.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
firewall-nat session { dns | ftp | ftp-data | http | icmp | tcp | tcp-proxy | udp | sip | sip-media | rtsp | rtsp-media } aging-time time-value
The aging time of the firewall session table is set.
By default, the aging time of each protocol is as follows:
- DNS: 120 seconds
- FTP: 120 seconds
- FTP-data: 120 seconds
Issue 01 (2012-03-15)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2 Firewall Configuration
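The aging behaviour described under Applicable Environment and set by the Step 2 command can be modelled as follows. This is an added example, not Huawei code: it reads `firewall-nat session ... aging-time` lines and runs a toy session table in which a record that matches no packet for its protocol's aging time is deleted. The names `parse_aging`, `SessionTable` and `SAMPLE_COMMANDS`, the sample values, and the exact expiry boundary are assumptions; only the three defaults listed above are used.

```python
import re

# Protocol keywords accepted by the Step 2 command on this page.
PROTOCOLS = {"dns", "ftp", "ftp-data", "http", "icmp", "tcp", "tcp-proxy",
             "udp", "sip", "sip-media", "rtsp", "rtsp-media"}
# Only the defaults this page lists; other protocols must be set explicitly here.
DEFAULTS = {"dns": 120, "ftp": 120, "ftp-data": 120}
CMD = re.compile(r"^\s*firewall-nat session (\S+) aging-time (\d+)\s*$")

def parse_aging(commands):
    """Return {protocol: seconds}: DEFAULTS overridden by aging-time commands."""
    aging = dict(DEFAULTS)
    for line in commands.splitlines():
        m = CMD.match(line)
        if not m:
            continue                      # e.g. system-view
        proto, seconds = m.group(1), int(m.group(2))
        if proto not in PROTOCOLS:
            raise ValueError(f"unknown protocol keyword: {proto}")
        aging[proto] = seconds
    return aging

class SessionTable:
    """Toy model: a record is deleted once no packet has matched it
    for its protocol's aging time (boundary handling is an assumption)."""
    def __init__(self, aging):
        self.aging = aging
        self.last_match = {}              # (protocol, flow) -> time of last match

    def packet(self, proto, flow, now):
        if proto not in self.aging:
            raise KeyError(f"no aging time known for {proto}")
        self.expire(now)
        self.last_match[(proto, flow)] = now   # create or refresh the record

    def expire(self, now):
        dead = [k for k, t in self.last_match.items()
                if now - t >= self.aging[k[0]]]
        for k in dead:
            del self.last_match[k]
        return dead

    def active(self, now):
        self.expire(now)
        return sorted(self.last_match)

# Constructed sample input; the values are illustrative, not recommendations.
SAMPLE_COMMANDS = """system-view
firewall-nat session dns aging-time 30
firewall-nat session tcp aging-time 600
"""
```

In this model a matching packet resets the idle timer, so a long-lived TCP flow survives as long as it keeps passing traffic, while an idle record is removed once its protocol's aging time has elapsed.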