Methods used to clear the session table of the USG6000 series


Run the reset firewall session table command to clear the session table. You can run the reset firewall ipv6 session command to clear the IPv6 session table.

Other related questions:
Methods used to clear the session table of the USG2000&5000 series
Run the reset firewall session table command to clear the session table. You can run the reset firewall ipv6 session command to clear the IPv6 session table.

Method used to clear the configuration (restoring the factory settings) on the USG2000, USG5000, and USG6000.
The method used to clear the configuration (restoring the factory settings) on USG firewalls is as follows:
1. Hardware methods: Press and hold the RESET button on the device to boot based on the default configuration.
   Note: It is recommended that you press and hold the RESET button to restore the default factory settings before the system is powered on.
   Note the following:
   You must press the RESET button for more than 10s.
   Release the RESET button before the system prompts you to press Ctrl+B.
   You can restore the default configuration as follows:
   If the device is not powered on, press the RESET button and then power on the device. When six indicators on the panel blink at a frequency of about 2 Hz, release the RESET button. The device will boot using the default configuration.
   If the device is powered on, press and hold the RESET button and then release it in 10s. When you press Ctrl+B, six indicators on the panel blink at a frequency of about 2 Hz, indicating that the device has successfully restored the factory settings.
   Note:
   Before powering on the device, press and hold the RESET button. If the indicators blink immediately after you release the button, the button is successfully activated.
   You must release the RESET button in 10s after the device is powered on. Indicators blink only when the system prompts you to press Ctrl+B, not immediately after the button is released.
   Do not press the RESET button multiple times during the system boot. Otherwise, the system fails to restore the default configuration.
   After the system prompts you to press Ctrl+B, if you press the RESET button during system boot or running, the system is not restarted and does not restore the default factory settings.
   It is recommended that you save the current configuration before pressing the RESET button.
2. Web UI:
   For the USG2000 and USG5000, on the web UI, choose System > Maintenance > Configuration Management, and click Restore Factory Configuration.
   For the USG6000, on the web UI, choose System > Profile Management, and click Restore Factory Configuration.
3. CLI:
   reset saved-configuration (Clear the saved configuration.)
   10:25:15 2015/03/13
   The action will delete the saved configuration in the device.
   The configuration will be erased to reconfigure. Are you sure?[Y/N]y (The configuration will be cleared. Confirm? Press Y.)
   Now clearing the configuration in the device.
   2015-03-13 10:25:19 FW %%01CFM/4/RST_CFG(l): When deciding whether to reset the saved configuration, the user presses Y.
   Info:Clear the configuration in the device successfully (Successfully cleared)
   reboot (Restart the device.)
   10:25:31 2015/03/13
   System will reboot, could you want to save current configuration [Y/N]?n (The system will restart. Save the current configuration? Press N. If you press Y, the original configuration is saved again and the configuration is not cleared.)
   System will reboot! Continue?[Y/N]:y (The device will restart. Press Y.)
   After the device is restarted, the configuration is cleared.

Session table query on a firewall
You can query the session table on the web UI and CLI. For the USG6000 series, on the web UI, choose Monitor > Session Table to query the session table and NAT detailed information. For the USG2000&5000 series, on the web UI, choose Firewall > Monitor > Session Table to query the session table. For the USG2000&5000 and USG6000 series, you can run the display firewall session table command to view the session table, or run the display firewall session table nat command to view the NAT session table.

Meaning of content in a session table
A session table example is displayed as follows:
   ID: a48f3648905d02c0553591da1 //Indicates the session ID.
   zone: dmz -> trust //The first packet of the session is from the DMZ (source zone) to the Trust zone (destination zone).
   ttl: 00:20:00 left: 00:19:43 //ttl indicates the aging time of the session table, and left indicates the remaining time for aging.
   Interface: E1 Nexthop: 10.0.0.145 Mac: 00-00-5e-00-01-0f //Indicates the outbound interface, next-hop IP address, and MAC address of the first packet of the session.
   <-- packets:686 bytes:50264 --> packets:500 bytes:40828 //<-- indicates the number of bytes and packets in the inbound direction of the session. --> indicates the number of bytes and packets in the outbound direction or within the zone.
   121.14.74.21:14000<--10.252.204.111:16503 //<-- indicates that the first packet of the session is in the inbound direction. --> indicates that the first packet of the session is in the outbound direction or within the same zone.
In session packet statistics, the arrow points in the packet direction.
1. The following 10 packets are collected in the direction from 172.16.10.1 to 172.16.0.96.
   udp VPN: public -> public
   Zone: trust -> untrust TTL: 00:02:00 Left: 00:01:59
   Interface: G2/0/1 Nexthop: 172.16.0.96 MAC: 00-00-00-00-00-00
   <-- packets:0 bytes:0 --> packets:10 bytes:5636
   172.16.10.1:1517-->172.16.0.96:1231
2. The following five packets are collected in the direction from 172.16.1.26 to 172.16.10.22.
   udp VPN: public -> public
   Zone: untrust -> trust TTL: 00:02:00 Left: 00:02:00
   Interface: G2/0/0 Nexthop: 172.16.10.22 MAC: 00-00-00-00-00-00
   <-- packets:5 bytes:7930 --> packets:0 bytes:0
   172.16.10.22:1517<--172.16.1.26:48988
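
The arrow conventions above can be applied mechanically when reviewing exported session tables. The following is an added example, not part of the original page or Huawei tooling: it parses IPv4 session entries, normalises each to initiator and responder, and lists sessions that never received a reply. The function and field names are hypothetical, and it assumes, from the two numbered examples, that each counter's arrow uses the same left/right orientation as the address line.

```python
import re

# Constructed input: the page's two UDP entries, one field group per line.
SAMPLE = """\
udp VPN: public -> public
Zone: trust -> untrust TTL: 00:02:00 Left: 00:01:59
Interface: G2/0/1 Nexthop: 172.16.0.96 MAC: 00-00-00-00-00-00
<-- packets:0 bytes:0 --> packets:10 bytes:5636
172.16.10.1:1517-->172.16.0.96:1231
udp VPN: public -> public
Zone: untrust -> trust TTL: 00:02:00 Left: 00:02:00
Interface: G2/0/0 Nexthop: 172.16.10.22 MAC: 00-00-00-00-00-00
<-- packets:5 bytes:7930 --> packets:0 bytes:0
172.16.10.22:1517<--172.16.1.26:48988
"""

# Whitespace-tolerant, so it also matches entries flattened onto one line.
# IPv4 endpoints only.
ENTRY = re.compile(
    r"Zone:\s*(?P<src_zone>\S+)\s*->\s*(?P<dst_zone>\S+)"
    r".*?<--\s*packets:(?P<l_pkts>\d+)\s+bytes:(?P<l_bytes>\d+)"
    r"\s*-->\s*packets:(?P<r_pkts>\d+)\s+bytes:(?P<r_bytes>\d+)"
    r"\s+(?P<left>[\d.]+:\d+)(?P<arrow><--|-->)(?P<right>[\d.]+:\d+)",
    re.S | re.I,
)

def parse_sessions(text):
    """Return one dict per session, normalised to initiator/responder."""
    sessions = []
    for m in ENTRY.finditer(text):
        d = m.groupdict()
        to_left, to_right = int(d["l_pkts"]), int(d["r_pkts"])
        if d["arrow"] == "-->":   # first packet travelled left to right
            initiator, responder, sent, replies = d["left"], d["right"], to_right, to_left
        else:                     # "<--": first packet travelled right to left
            initiator, responder, sent, replies = d["right"], d["left"], to_left, to_right
        sessions.append({
            "src_zone": d["src_zone"], "dst_zone": d["dst_zone"],
            "initiator": initiator, "responder": responder,
            "sent_pkts": sent, "reply_pkts": replies,
        })
    return sessions

def unanswered(sessions):
    """Sessions where the responder never sent a packet back."""
    return [s for s in sessions if s["sent_pkts"] > 0 and s["reply_pkts"] == 0]
```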

Method used to set the NAT64 prefix on the USG6000 series
The USG6000 series determines whether to perform NAT64 processing on an IPv6 packet by checking whether the destination address of the IPv6 packet contains the NAT64 prefix. The NAT64 prefix is classified into the following types:
   Well-known prefix: 64:FF9B::/96
   User-defined prefix: The prefix can contain 32, 40, 48, 56, 64, or 96 bits.
The position where an IPv4 address is embedded in an IPv6 address varies depending on the prefix length. The rules are as follows:
   When the prefix has 32 bits, the IPv4 address is embedded in bits 32-63 in the IPv6 address.
   When the prefix has 40 bits, 24 bits of the IPv4 address are embedded in bits 40-63 in the IPv6 address, and the remaining 8 bits of the IPv4 address are embedded in bits 72-79 in the IPv6 address.
   When the prefix has 48 bits, 16 bits of the IPv4 address are embedded in bits 48-63 in the IPv6 address, and the remaining 16 bits of the IPv4 address are embedded in bits 72-87 in the IPv6 address.
   When the prefix has 56 bits, 8 bits of the IPv4 address are embedded in bits 56-63 in the IPv6 address, and the remaining 24 bits of the IPv4 address are embedded in bits 72-95 in the IPv6 address.
   When the prefix has 64 bits, the IPv4 address is embedded in bits 72-103 in the IPv6 address.
   When the prefix has 96 bits, the IPv4 address is embedded in bits 96-127 in the IPv6 address.
Taking IPv4 address 192.168.0.1 and NAT64 prefix 3000::/64 as an example, the IPv6 address corresponding to this IPv4 address is 3000:0000:0000:0000:00C0:A800:0100:0000, that is, 3000::C0:A800:100:0.
Configure the NAT64 prefix as follows:
1. In the user view, run the system-view command to enter the system view.
2. Run the nat64 prefix prefix prefix-length command to configure the NAT64 prefix.
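
The embedding rules above, as an added example that is not part of the original page or of Huawei's software: it builds the IPv6 address for any of the six prefix lengths and reverses the mapping, so an IPv6 destination seen in a log or session table can be traced back to the IPv4 host it represents. The function names are hypothetical; the prefix and address in the demo are the page's own values.

```python
import ipaddress

# Byte positions (0-15) of the four IPv4 octets inside the IPv6 address for
# each prefix length, taken from the bit ranges listed above. Bits 64-71
# (byte 8) never carry IPv4 data.
V4_OFFSETS = {
    32: (4, 5, 6, 7),
    40: (5, 6, 7, 9),
    48: (6, 7, 9, 10),
    56: (7, 9, 10, 11),
    64: (9, 10, 11, 12),
    96: (12, 13, 14, 15),
}

def embed(prefix, ipv4):
    """Return the IPv6 address that represents `ipv4` under NAT64 `prefix`."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen not in V4_OFFSETS:
        raise ValueError("NAT64 prefix must be 32, 40, 48, 56, 64 or 96 bits")
    raw = bytearray(net.network_address.packed)
    for offset, octet in zip(V4_OFFSETS[net.prefixlen],
                             ipaddress.IPv4Address(ipv4).packed):
        raw[offset] = octet
    return ipaddress.IPv6Address(bytes(raw))

def extract(prefix, ipv6):
    """Return the embedded IPv4 address, or None if `ipv6` is outside
    `prefix` and so would not be selected for NAT64 processing."""
    net = ipaddress.IPv6Network(prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if net.prefixlen not in V4_OFFSETS or addr not in net:
        return None
    raw = addr.packed
    return ipaddress.IPv4Address(bytes(raw[o] for o in V4_OFFSETS[net.prefixlen]))

if __name__ == "__main__":
    # The page's worked example: 192.168.0.1 under 3000::/64.
    mapped = embed("3000::/64", "192.168.0.1")
    print(mapped.exploded)                  # full form of the mapped address
    print(extract("3000::/64", str(mapped)))
```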
