Configuring session management at the cli – H3C Technologies H3C SecPath F1000-E User Manual
Page 106
96
Field Description
TCP Connection Count
Total number of TCP half-open connections, TCP half-close connections,
and full TCP connections
TCP Half-Open Connection Count
Number of TCP half-open connections
TCP Half-Close Connection Count
Number of TCP half-close connections
TCP Connection Rate
TCP connection establishment rate in a 5-second sampling interval
UDP Connection Count
Number of full UDP connections
UDP Connection Rate
UDP connection establishment rate in a 5-second sampling interval
ICMP Connection Count
Number of full ICMP connections
ICMP Connection Rate
ICMP connection establishment rate in a 5-second sampling interval
RAWIP Connection Count
Number of current RAWIP connections
RAWIP Connection Rate
RAWIP connection establishment rate in a 5-second sampling interval
Configuring session management at the CLI
In session management, you can set session aging timers based on protocol state and based on
application layer protocol type, enable checksum verification, specify the persistent session rule, and
clear sessions. These tasks are order independent. You can perform these tasks in any order.
Setting session aging times based on protocol states
This aging timer settings are effective only to the sessions that are being established.
If the application layer protocol of a session supports session aging time configuration, the session takes
the session aging time set based on the application layer protocol type as its aging time when it is in the
READY/ESTABLISH state. For more information about the configuration, see "
timers based on application layer protocol types
."
If a session entry is not matched with any packets in a specified period of time, the entry will be aged out.
To set the session aging timers based on protocol states:
Step Command
1.
Enter system view.
system-view
2.
Set the aging timer for the
sessions of a specified
protocol and in a specified
state.
session aging-time { accelerate | fin | icmp-closed | icmp-open |
rawip-open | rawip-ready | syn | tcp-est | udp-open | udp-ready }
time-value
IMPORTANT:
For a large amount of sessions (more than 800000), do not specify a too short aging timer. Otherwise, the
console might be slow in response.
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS