Meaning of port information in an ICMP quintuple session on a firewall


The ICMP protocol carries no port fields. The port number shown in an ICMP session on a firewall is allocated at random by the firewall so that the session can still be keyed as a quintuple; the value shown as the port information is the identifier (ID) field of the ICMP header in the packet.
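The following added example (not Huawei's code; written for this page) shows how a session key can be derived from a packet: TCP/UDP use their real ports, while an ICMP echo request/reply supplies the identifier field in the port position, so request and reply land in the same session entry. It assumes the identifier fills both port slots of the key and that only echo request/reply are handled; the exact layout a USG displays is not shown on this page.

```python
import struct

ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST = 0, 8


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; returns 0 for a packet whose checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp_echo(icmp_type: int, ident: int, seq: int, payload: bytes = b"constructed") -> bytes:
    """Constructed ICMP echo header: type(1) code(1) checksum(2) identifier(2) sequence(2) + payload."""
    hdr = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = icmp_checksum(hdr + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def session_key(src: str, dst: str, proto: str, transport: bytes) -> tuple:
    """Return (src, sport, dst, dport, proto) as a session table would key it.

    For TCP/UDP the ports come straight from the transport header (direction is
    not normalized here; the table itself decides which side sent the first packet).
    For ICMP there are no ports, so the identifier field is used instead; an echo
    reply is flipped back to the request direction so it matches the existing entry.
    """
    if proto in ("tcp", "udp"):
        sport, dport = struct.unpack("!HH", transport[:4])
        return (src, sport, dst, dport, proto)
    if proto == "icmp":
        itype, _code, _csum, ident, _seq = struct.unpack("!BBHHH", transport[:8])
        if icmp_checksum(transport) != 0:
            raise ValueError("bad ICMP checksum")
        if itype == ICMP_ECHO_REQUEST:
            return (src, ident, dst, ident, proto)
        if itype == ICMP_ECHO_REPLY:
            return (dst, ident, src, ident, proto)  # reply belongs to the request's session
        raise ValueError("ICMP type %d carries no identifier field" % itype)
    raise ValueError("unsupported protocol: %s" % proto)
```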

Other related questions:
Query of session information of a specific protocol
For the USG2000&5000 and USG6000 series, you can run the display firewall session table [ verbose ] protocol protocol-name command to view session information about a specific protocol. The protocol can be TCP, UDP, or ICMP.

USG6600 ICMP session aging time
The USG2000&5000&6000 ICMP session aging time is 20 seconds. You can run the display firewall session aging-time command to view the aging time.

Meaning of quintuple packet capture for the USG6000 series
Quintuple packet capture enables the USG6000 series to copy the passing packets and save or display them in a certain format on the USG. If the USG or service is faulty and the fault cannot be located after you check the configuration and statistics, you can enable quintuple packet capture for the USG to capture packets of specified flows for fault analysis.

Meaning of quintuple packet capture for the USG2000&5000 series
Quintuple packet capture enables the USG2000&5000 series to copy the passing packets and save or display them in a certain format on the USG. If the USG or service is faulty and the fault cannot be located after you check the configuration and statistics, you can enable quintuple packet capture for the USG to capture packets of specified flows for fault analysis.

Meaning of content in a session table
A session table example is displayed as follows:

ID: a48f3648905d02c0553591da1 //Indicates the session ID.
zone: dmz -> trust //The first packet of the session is from the DMZ (source zone) to the Trust zone (destination zone).
ttl: 00:20:00 left: 00:19:43 //ttl indicates the aging time of the session table, and left indicates the remaining time before the session ages out.
Interface: E1 Nexthop: 10.0.0.145 Mac: 00-00-5e-00-01-0f //Indicates the outbound interface, next-hop IP address, and MAC address for the first packet of the session.
<-- packets:686 bytes:50264 --> packets:500 bytes:40828 //<-- indicates the number of packets and bytes in the inbound direction of the session. --> indicates the number of packets and bytes in the outbound direction or within the zone.
121.14.74.21:14000<--10.252.204.111:16503 //<-- indicates that the first packet of the session is in the inbound direction. --> indicates that the first packet of the session is in the outbound direction or within the same zone.

In session packet statistics, the arrow points in the direction of the packets.

1. The following 10 packets are collected in the direction from 172.16.10.1 to 172.16.0.96.
udp VPN: public -> public Zone: trust -> untrust
TTL: 00:02:00 Left: 00:01:59
Interface: G2/0/1 Nexthop: 172.16.0.96 MAC: 00-00-00-00-00-00
<-- packets:0 bytes:0 --> packets:10 bytes:5636
172.16.10.1:1517-->172.16.0.96:1231

2. The following five packets are collected in the direction from 172.16.1.26 to 172.16.10.22.
udp VPN: public -> public Zone: untrust -> trust
TTL: 00:02:00 Left: 00:02:00
Interface: G2/0/0 Nexthop: 172.16.10.22 MAC: 00-00-00-00-00-00
<-- packets:5 bytes:7930 --> packets:0 bytes:0
172.16.10.22:1517<--172.16.1.26:48988
