ESR series service routers. ESR-Series. User manual
| Step | Description | Command | Keys |
|------|-------------|---------|------|
| 5 | Disable filtering of packets that cannot be matched to any known connection and that do not begin a new connection (optional, may reduce performance). | `esr(config)# ip firewall sessions allow-unknown` | |
| 6 | Select firewall operation mode (optional). In stateful mode, only the first packet of the session is checked, and if direct traffic is allowed, return traffic is allowed automatically. In stateless mode, each packet is checked. Direct and return traffic must be allowed in the corresponding zone-pair (see step 29). Firewall operation based on the list of applications is possible only in stateless mode. | `esr(config)# ip firewall mode <MODE>` | `<MODE>` – firewall operation mode, may take the following values: stateful, stateless. Default value: stateful. |
| 7 | Set the session lifetime for unsupported protocols (optional). | `esr(config)# ip firewall sessions generic-timeout <TIME>` | `<TIME>` – session lifetime for unsupported protocols, takes values in seconds [1..8553600]. Default value: 60 seconds. |
| 8 | Set the ICMP session lifetime after which the session is considered outdated (optional). | `esr(config)# ip firewall sessions icmp-timeout <TIME>` | `<TIME>` – ICMP session lifetime, takes values in seconds [1..8553600]. Default value: 30 seconds. |
| 9 | Set the ICMPv6 session lifetime after which the session is considered outdated (optional). | `esr(config)# ip firewall sessions icmpv6-timeout <TIME>` | `<TIME>` – ICMPv6 session lifetime, takes values in seconds [1..8553600]. Default value: 30 seconds. |
| 10 | Set the size of the outstanding sessions table (optional). | `esr(config)# ip firewall sessions max-expect <COUNT>` | `<COUNT>` – table size, takes values of [1..8553600]. Default value: 256. |
| 11 | Set the size of the trackable sessions table (optional). | `esr(config)# ip firewall sessions max-tracking <COUNT>` | `<COUNT>` – table size, takes values of [1..8553600]. Default value: 512000. |
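
An added example, not part of the manual: a Python check that reads the global firewall commands of steps 5 to 11 from a saved configuration, applies the defaults and ranges listed above, and reports the settings that loosen or change filtering. The function name, the sample configuration, and the assumption that the saved configuration lists these commands one per line as they are typed are assumptions of this example.

```python
import re

# Ranges and defaults as listed in the steps above.
LIMITS = (1, 8553600)
NUMERIC_DEFAULTS = {"generic-timeout": 60, "icmp-timeout": 30, "icmpv6-timeout": 30,
                    "max-expect": 256, "max-tracking": 512000}
LINE_RE = re.compile(r"^ip firewall (mode|sessions) (\S+)(?: (\S+))?$")

def audit_esr_firewall(config_text):
    """Return (effective settings, findings) for the global firewall commands."""
    effective = {"mode": "stateful", "allow-unknown": False, **NUMERIC_DEFAULTS}
    findings = []
    for raw in config_text.splitlines():
        m = LINE_RE.match(" ".join(raw.split()))  # normalise whitespace
        if not m:
            continue  # unrelated line, or a "no ..." form that restores a default
        kind, key, value = m.groups()
        if kind == "mode":
            if key in ("stateful", "stateless"):
                effective["mode"] = key
            else:
                findings.append(f"invalid firewall mode: {key}")
        elif key == "allow-unknown":
            effective["allow-unknown"] = True
            findings.append("allow-unknown: packets matching no known connection are not filtered")
        elif key in NUMERIC_DEFAULTS:
            if value and value.isdigit() and LIMITS[0] <= int(value) <= LIMITS[1]:
                effective[key] = int(value)
            else:
                findings.append(f"{key}: {value!r} is outside [1..8553600]")
    if effective["mode"] == "stateless":
        findings.append("stateless: return traffic must be allowed in the zone-pair rules")
    return effective, findings

# Constructed sample configuration (hypothetical, not taken from the manual).
SAMPLE = """
ip firewall sessions allow-unknown
ip firewall mode stateless
ip firewall sessions icmp-timeout 0
ip firewall sessions max-tracking 1000000
"""

if __name__ == "__main__":
    settings, issues = audit_esr_firewall(SAMPLE)
    print(settings)
    print("\n".join(issues))
```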