
Session management configuration, Configuration task list, Configuring basic session management settings – H3C Technologies H3C SecPath F1000-E User Manual

Page 566


Supporting ICMP error packet mapping and allowing the system to search for original sessions
according to the payloads of these packets. As ICMP error packets are generated due to errors,
this helps speed up the aging of the original sessions.

Supporting persistent sessions. You can specify TCP sessions meeting certain criteria as persistent
sessions. The aging time of a persistent session does not vary with session state transitions,
nor is a persistent session removed because no packets match it. A persistent session can
be given an aging time longer than that of common sessions (up to 360 hours), or
be configured as a permanent connection, which is deleted only when the session initiator
or responder sends a request to close it or you clear it manually.

Supporting both control channels and dynamic data channels of application layer protocols such
as FTP, DNS, MSN and QQ.

Supporting both unidirectional and bidirectional traffic (the hybrid mode). In a bidirectional traffic
environment, packets in both directions pass through the device. In a unidirectional traffic
environment, packets in only one direction pass through the device; in this case, the normal
session state machine of the device cannot process the packets. After the unidirectional traffic
detection mode is enabled, session management adopts a special session state machine, which
can process bidirectional and unidirectional packets simultaneously.

NOTE:

Only TCP sessions in the ESTABLISHED state can be specified as persistent sessions.

After unidirectional traffic detection is enabled, some service functions are not supported. For
example, ASPF will not check the first TCP packet that is not SYN. Therefore, the system security will be
degraded. If there is unidirectional traffic in the network, you need to enable unidirectional traffic
detection to ensure normal processing of that traffic. If there is no unidirectional
traffic in the network, it is recommended to disable unidirectional traffic detection to ensure
system security.
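
The ICMP error packet mapping described above can be illustrated as follows. This is an added example, not code from the H3C manual or device: it recovers the 5-tuple from the IPv4 header and first 8 bytes of the TCP/UDP header that an ICMP error quotes, then shortens the aging time of the matching session. The session table layout, `FAST_AGING_SECONDS` and all function names are assumptions.

```python
import socket
import struct

ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}  # error types: quoted datagram starts at byte 8
FAST_AGING_SECONDS = 10               # constructed value, not an H3C default


def quoted_tuple(icmp: bytes):
    """Return (proto, src, sport, dst, dport) of the packet quoted in an ICMP error."""
    if len(icmp) < 8 or icmp[0] not in ICMP_ERROR_TYPES:
        return None                    # not an error message (e.g. echo request)
    inner = icmp[8:]                   # original IP header + first 8 bytes of L4
    if len(inner) < 20 or inner[0] >> 4 != 4:
        return None
    ihl = (inner[0] & 0x0F) * 4        # quoted IP header length in bytes
    proto = inner[9]
    if ihl < 20 or proto not in (6, 17) or len(inner) < ihl + 4:
        return None                    # only TCP/UDP carry ports at this offset
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return (proto, socket.inet_ntoa(inner[12:16]), sport,
            socket.inet_ntoa(inner[16:20]), dport)


def age_out_on_error(sessions: dict, icmp: bytes):
    """Shorten the aging time of the session the ICMP error refers to, if any."""
    key = quoted_tuple(icmp)
    if key is None:
        return None
    proto, src, sport, dst, dport = key
    # The quoted packet may have been sent by the initiator or the responder.
    for candidate in (key, (proto, dst, dport, src, sport)):
        if candidate in sessions:
            entry = sessions[candidate]
            entry["aging"] = min(entry["aging"], FAST_AGING_SECONDS)
            return candidate
    return None                        # no matching session: nothing changes


def sample_error(src, sport, dst, dport, icmp_type=3, code=1):
    """Constructed ICMP error quoting a TCP packet (checksums left as zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp8 = struct.pack("!HHI", sport, dport, 1000)  # ports + sequence number
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + ip + tcp8


if __name__ == "__main__":
    key = (6, "10.0.0.5", 40000, "192.0.2.10", 80)   # constructed session
    table = {key: {"state": "ESTABLISHED", "aging": 3600}}
    print(age_out_on_error(table, sample_error("10.0.0.5", 40000, "192.0.2.10", 80)), table)
```

An error whose quoted 5-tuple matches no session in either direction leaves the table unchanged.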

Session Management Configuration

Configuration Task List

Complete the following tasks to configure session management:

Configuring basic session management settings

Displaying and maintaining session management information

Displaying session statistics

Configuring basic session management settings

Task Remarks
