Configure session table aging time of the firewall on an AR router


Background information
A router creates session tables for data flows that pass the firewall over TCP, UDP, or ICMP. The session tables record the connection status of these protocols. If no packet matches a session entry before its aging time expires, the entry is deleted. To change how long entries of a given protocol are kept, configure the session table aging time of the firewall.
Operation procedure
Run the system-view command to access the system view.
Run the firewall-nat session { dns | ftp | ftp-data | http | icmp | tcp | tcp-proxy | udp | sip | sip-media | rtsp | rtsp-media | pptp | pptp-data } aging-time time-value command to configure the session table aging time of the firewall.
By default, the aging time of different protocols is as follows: DNS (120s), FTP (120s), FTP-data (120s), HTTP (120s), ICMP (20s), TCP (600s), TCP-proxy (10s), UDP (120s), SIP (1800s), SIP-media (120s), RTSP (60s), RTSP-media (120s), PPTP (600s), and PPTP-data (600s).
You are advised to use the default aging time.
Check the configuration result.
Run the display firewall-nat session aging-time command to check information about the session table aging time.
Note: The AR510 series routers do not support the keywords SIP and SIP-media.

Other related questions:
Firewall session aging time
Generally, you can use the default aging time of the session table. To change the aging time of the session table for a specific protocol type, run the firewall session aging-time command. For the USG2000&5000 series, you can set the service aging time on the web UI. On the web UI, choose Firewall > Service > Service Aging Time. To view the aging time of the session entries of all traffic in the current system, you can run the display firewall session aging-time command.

How do I configure and check the aging time of the NAT session table on the AR router
The firewall-nat session aging-time command on the Huawei AR router sets the aging time of session entries. The display nat session all command displays the NAT session table. The reset nat session all command deletes NAT mapping entries. For example: Set the aging time of FTP session entries to 60 seconds. [Huawei] firewall-nat session ftp aging-time 60

How are NAT session tables of the AR router forcibly aged
Run the reset nat session all command to age the NAT session table.

How do I configure and check the NAT flow table aging time on an AR router?
On a Huawei AR router, the firewall-nat session aging-time command configures the aging time of the various session table entries. Run the display nat session all command to view NAT flow table information. Run the reset nat session all command to clear the NAT mapping entries. For example, to set the aging time of FTP sessions to 60 seconds: [Huawei] firewall-nat session ftp aging-time 60

How can I set the aging time of the traffic forwarding table

You can use the firewall-nat session aging-time command to set the aging time of the session entries.

Configuration Example

# Set the aging time of FTP session entries to 60 seconds.

<Huawei> system-view
[Huawei] firewall-nat session ftp aging-time 60
