How do I configure and check the aging time of the NAT session table on the AR router

3

The firewall-nat session aging-time command on the Huawei AR router sets the aging time of session entries. The display nat session all command displays the NAT session table. The reset nat session all command deletes NAT mapping entries. For example: Set the aging time of FTP session entries to 60 seconds. [Huawei] firewall-nat session ftp aging-time 60

Other related questions:
Configure session table aging time of the firewall on an AR router
Background information A router creates session tables for data flows that pass the firewall over TCP, UDP, or ICMP. The session tables record connection status of the protocols. If packets do not hit a record within the aging time (the aging time expires), corresponding session entry is deleted. To modify the aging time of a protocol, configure the session table aging time of the firewall. Operation procedure Run the system-view command to access the system view. Run the firewall-nat session { dns | ftp | ftp-data | http | icmp | tcp | tcp-proxy | udp | sip | sip-media | rtsp | rtsp-media | pptp | pptp-data } aging-time time-value command to configure the session table aging time of the firewall. By default, the aging time of different protocols is as follows: DNS (120s), FTP (120s), FTP-data (120s), HTTP (120s), ICMP (20s), TCP (600s), TCP-proxy (10s), UDP (120s), SIP (1800s), SIP-media (120s), RTSP (60s), RTSP-media (120s), PPTP (600s), and PPTP-data (600s). You are advised to use the default aging time. Check the configuration result. Run the display firewall-nat session aging-time command to check information about the session table aging time. Note: The AR510 series routers do not support the keywords SIP and SIP-media.

How are NAT session tables of the AR router forcibly aged
Run the reset nat session all command to age the NAT session table.

What is the method of how to configure and check AR router NAT flow table aging time?
HUAWEI AR router, the implementation of the "firewall-nat session aging-time" command can configure a variety of session table items aging time. "Display NAT session all" command can be executed to view the NAT flow table information. Perform "reset NAT all session" command to clear the NAT mapping table entry. For example, To configure FTP sessions is 60 seconds. [Huawei] firewall-nat FTP aging-time 60

How do I forcibly age NAT session tables
Run the reset nat session all command to forcibly age NAT session tables.

How do I view the NAT session table on the AR router
Run the display nat session all command to check NAT session table information.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top