Managing sessions in the web interface, Configuring basic session management settings – H3C Technologies H3C SecBlade LB Cards User Manual
Page 205
194
deleted only when the session initiator or responder sends a request to close it or you clear it
manually.
•
Supporting both control channels and dynamic data channels of application layer protocols such
as FTP.
•
Supporting limiting the number of session-based connections. For more information, see
"Configuring attack detection and protection."
•
Supporting both unidirectional and bidirectional traffic (the hybrid mode).
Bidirectional traffic environment means that packets in both of the two directions pass the device.
Unidirectional traffic environment means that packets in only one direction pass the device; in this
case, the normal session state machine of the device cannot process the packets.
After the unidirectional traffic detection mode is enabled, session management adopts a special
session state machine, which can process the bidirectional and the unidirectional packets
simultaneously. However, some of the functions cannot be supported. If unidirectional traffic exists
in the network, enable the unidirectional traffic detection to ensure normal processing of the
unidirectional traffic. However, if no unidirectional traffic exists in the network, disable the
unidirectional traffic detection to ensure the system security.
Managing sessions in the web interface
Configuring basic session management settings
Basic session management settings include:
•
Configuring whether to enable unidirectional traffic detection.
•
Configuring a persistent session rule, which is available only for TCP sessions in ESTABLISHED state.
•
Setting aging times for the sessions in different protocol states, which are effective only for the
sessions that are being established.
•
Setting aging times for the sessions of different application layer protocols, which are effective only
for the sessions in READY or ESTABLISHED state.
NOTE:
If too many sessions, for example, more than 800000 sessions, exist, do not set small values for the aging
times of the sessions in different protocol states and of different application layer protocols. Otherwise, the
responses of the console will be very slow.
To configure the basic session management settings:
1.
Select Security > Session Table > Configuration from the navigation tree.
The basic configuration page appears.