Configuring session management at the cli – H3C Technologies H3C SecPath F1000-E User Manual

Page 106

Advertising
background image

96

Field Description

TCP Connection Count

Total number of TCP half-open connections, TCP half-close connections,
and full TCP connections

TCP Half-Open Connection Count

Number of TCP half-open connections

TCP Half-Close Connection Count

Number of TCP half-close connections

TCP Connection Rate

TCP connection establishment rate in a 5-second sampling interval

UDP Connection Count

Number of full UDP connections

UDP Connection Rate

UDP connection establishment rate in a 5-second sampling interval

ICMP Connection Count

Number of full ICMP connections

ICMP Connection Rate

ICMP connection establishment rate in a 5-second sampling interval

RAWIP Connection Count

Number of current RAWIP connections

RAWIP Connection Rate

RAWIP connection establishment rate in a 5-second sampling interval

Configuring session management at the CLI

In session management, you can set session aging timers based on protocol state and based on

application layer protocol type, enable checksum verification, specify the persistent session rule, and

clear sessions. These tasks are order independent. You can perform these tasks in any order.

Setting session aging times based on protocol states

This aging timer settings are effective only to the sessions that are being established.
If the application layer protocol of a session supports session aging time configuration, the session takes

the session aging time set based on the application layer protocol type as its aging time when it is in the
READY/ESTABLISH state. For more information about the configuration, see "

Configuring session aging

timers based on application layer protocol types

."

If a session entry is not matched with any packets in a specified period of time, the entry will be aged out.
To set the session aging timers based on protocol states:

Step Command

1.

Enter system view.

system-view

2.

Set the aging timer for the
sessions of a specified

protocol and in a specified
state.

session aging-time { accelerate | fin | icmp-closed | icmp-open |
rawip-open | rawip-ready | syn | tcp-est | udp-open | udp-ready }
time-value

IMPORTANT:

For a large amount of sessions (more than 800000), do not specify a too short aging timer. Otherwise, the
console might be slow in response.

Advertising
This manual is related to the following products:

H3C SecPath F5000-A5 Firewall, H3C SecPath F1000-A-EI, H3C SecPath F1000-E-SI, H3C SecPath F1000-S-AI, H3C SecPath F5000-S Firewall, H3C SecPath F5000-C Firewall, H3C SecPath F100-C-SI, H3C SecPath F1000-C-SI, H3C SecPath F100-A-SI, H3C SecBlade FW Cards, H3C SecBlade FW Enhanced Cards, H3C SecPath U200-A U200-M U200-S, H3C SecPath U200-CA U200-CM U200-CS

Popular Brands
Popular manuals