Clearing sessions manually, Configuring session logging – H3C Technologies H3C SecBlade LB Cards User Manual
unidirectional sessions exist. If yes, configure the hybrid mode to ensure the normal processing of
unidirectional sessions. If no, configure the bidirectional mode to protect system security.
To configure the operating mode for session management:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Configure the operating mode for session management.
  Command:
    • Configure the hybrid mode: session mode hybrid
    • Configure the bidirectional mode: undo session mode
  Remarks: Use either command. Bidirectional mode by default.
Enabling session synchronization for stateful failover
The session synchronization for stateful failover feature enables two devices to synchronize in real time
the sessions and dynamic entries of session-based services, such as NAT and ALG. The two devices are
generally the central gateway devices of an enterprise, one acting as the primary and the other acting
as the backup. They use a virtual IP address to communicate with a peer device (generally a branch
gateway device). When the primary central gateway device fails, the services are switched to the
backup central gateway device according to the redundancy negotiation mechanism, and the backup
one takes over to process and forward service traffic. The failover process is invisible to the peer device,
and the peer device, without any reconfiguration, can still communicate with the central gateway device.
Because all dynamic entries are synchronized in real time between the two central gateway devices, a
failover does not interrupt ongoing services.
Before this configuration task, enable the stateful failover feature, and enable the support for asymmetric
paths according to the networking for stateful failover.
To enable session synchronization for stateful failover:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Enable session synchronization for stateful failover.
  Command: session synchronization enable
  Remarks: Optional. Disabled by default.
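The following audit sketch is an added example, not part of the H3C manual: it replays the session-mode and synchronization commands shown above over the configurations of a failover pair and reports the resulting state. It assumes the input contains those commands exactly as written on this page; the function names, the sample configurations and the rule that both devices should use the same mode are assumptions made for illustration.

```python
# Commands exactly as written on this page; every other line is ignored.
MODE_HYBRID = "session mode hybrid"
MODE_DEFAULT = "undo session mode"
SYNC_ON = "session synchronization enable"


def effective_settings(config_text):
    """Replay the commands in order and return the resulting settings."""
    # Defaults stated on the page: bidirectional mode, synchronization disabled.
    state = {"mode": "bidirectional", "sync": False}
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # drop indentation and repeated spaces
        if line == MODE_HYBRID:
            state["mode"] = "hybrid"
        elif line == MODE_DEFAULT:
            state["mode"] = "bidirectional"
        elif line == SYNC_ON:
            state["sync"] = True
    return state


def audit_pair(primary_cfg, backup_cfg):
    """Return findings for a stateful-failover pair (hypothetical helper)."""
    findings = []
    settings = {"primary": effective_settings(primary_cfg),
                "backup": effective_settings(backup_cfg)}
    for role, s in settings.items():
        if s["mode"] == "hybrid":
            findings.append(f"{role}: hybrid mode set; confirm unidirectional sessions exist")
        if not s["sync"]:
            findings.append(f"{role}: session synchronization is disabled")
    # Assumption of this example: both devices should use the same mode.
    if settings["primary"]["mode"] != settings["backup"]["mode"]:
        findings.append("pair: session mode differs between primary and backup")
    return findings


# Constructed sample configurations (not taken from a real device).
PRIMARY = """
system-view
 session mode hybrid
 undo session mode
 session synchronization enable
"""
BACKUP = """
system-view
 session mode hybrid
"""

if __name__ == "__main__":
    for finding in audit_pair(PRIMARY, BACKUP):
        print(finding)
```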
Clearing sessions manually
Task: Clear sessions.
  Command: reset session [ vd-name vd-name ] [ source-ip source-ip ] [ destination-ip destination-ip ] [ protocol-type protocol-type ] [ source-port source-port ] [ destination-port destination-port ]
  Remarks: Available in user view.
Configuring session logging
Session logs help track information about user access, IP address translation, and traffic, and can be sent
to the log server or exported to the information center in flow log format. They help network
administrators with security auditing.