Flex H Models Routing Protocols e.g. BGP
All Replies
Update. I installed the latest firmware, but with the previous firmware, it still had total lockup failure after some time. Only way to recover is to cold boot. I will get feedback from the customer if it happens again with the current image.
But, here is another annoyance. Here are some console settings that are NOT on the web interface:
running network-stack# conntrack
  <return>                      Validate command.
  |                             Add an output modifier.
  icmp-timeout                  Range: 1..300.
                                Conntrack ICMP timeout.
  icmpv6-timeout                Range: 1..300.
                                Conntrack ICMPv6 timeout.
  max-entries                   Range: 16..10000000.
                                Maximum number of Netfilter conntracks.
  tcp-timeout-close             Range: 1..300.
                                Conntrack TCP timeout close.
  tcp-timeout-close-wait        Range: 1..300.
                                Conntrack TCP timeout close wait.
  tcp-timeout-established       Range: 1..432000.
                                Conntrack TCP timeout established.
  tcp-timeout-fin-wait          Range: 1..300.
                                Conntrack TCP timeout fin wait.
  tcp-timeout-last-ack          Range: 1..300.
                                Conntrack TCP timeout last ack.
  tcp-timeout-max-retrans       Range: 1..600.
                                Conntrack TCP timeout max retrans.
  tcp-timeout-syn-recv          Range: 1..300.
                                Conntrack TCP timeout syn recv.
  tcp-timeout-syn-sent          Range: 1..300.
                                Conntrack TCP timeout syn sent.
  tcp-timeout-time-wait         Range: 1..300.
                                Conntrack TCP timeout time wait.
  tcp-timeout-unacknowledged    Range: 1..600.
                                Conntrack TCP timeout unacknowledged.
  udp-timeout                   Range: 1..28800.
                                Conntrack UDP timeout.
  udp-timeout-stream            Range: 1..28800.
                                Conntrack UDP timeout stream.

These are important settings in at least some cases, where sessions need to be open longer, so these need to be adjusted.
What I cannot find are the default settings, as they are not visible in the running - but please enlighten me if there is a command to show ALL the config, even with the default values.
There is this UPS software where delivery/pickup orders are uploaded via HTTPS.
But the response is slow and it looks like it is running into a TCP timeout on the firewall side, while the UPS website is keeping the session open, which ends up in "blocked" messages in the firewall log and a failed upload.
I had something like this on other firewalls and adjusting the half-open sessions to a longer timeout.
But without knowing the default values, it is difficult to figure out what to adjust.
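The following is an added example, not part of the original post and not Zyxel code: a simplified conntrack-style tracker that replays a timeline of TCP flags and reports the first packet arriving after the entry would have expired, which points at the `tcp-timeout-*` option to raise. The timeouts are the upstream Linux netfilter defaults, assumed here because the device's own defaults are not shown on the page; the timeline is constructed.

```python
# Added example. ASSUMPTION: upstream Linux netfilter default timeouts (seconds);
# the firewall's real defaults are not shown on the page and may differ.
TIMEOUTS = {
    "syn-sent": 120, "syn-recv": 60, "established": 432000, "fin-wait": 120,
    "close-wait": 60, "last-ack": 30, "time-wait": 120, "close": 10,
}

# Simplified, direction-agnostic transitions: (state, flag) -> next state.
# Any pair not listed keeps the current state (e.g. DATA while established).
NEXT = {
    (None, "SYN"): "syn-sent",
    ("syn-sent", "SYN-ACK"): "syn-recv",
    ("syn-recv", "ACK"): "established",
    ("established", "FIN"): "fin-wait",
    ("fin-wait", "ACK"): "close-wait",
    ("close-wait", "FIN"): "last-ack",
    ("last-ack", "ACK"): "time-wait",
}

def first_expiry(events, timeouts=TIMEOUTS):
    """events: list of (seconds, flag) in time order.
    Returns (time, state, idle_seconds, cli_option) for the first packet that
    arrives after the tracked entry has timed out, or None if none does."""
    state, last = None, None
    for t, flag in events:
        if state is not None:
            idle = t - last
            if idle > timeouts[state]:
                # The entry is gone, so the firewall no longer knows this flow.
                return (t, state, idle, "tcp-timeout-" + state)
        state = "close" if flag == "RST" else NEXT.get((state, flag), state)
        last = t
    return None

# Constructed timeline: handshake, upload, client half-close, slow server reply.
EVENTS = [
    (0, "SYN"), (0, "SYN-ACK"), (1, "ACK"),
    (1, "DATA"), (5, "DATA"),      # upload
    (6, "FIN"), (6, "ACK"),        # half-close is acknowledged -> close-wait
    (96, "DATA"),                  # reply arrives after 90 s of silence
]

if __name__ == "__main__":
    print(first_expiry(EVENTS))
    print(first_expiry(EVENTS, dict(TIMEOUTS, **{"close-wait": 300})))
```

Feeding it timestamps and flags taken from a capture of the failing upload shows which state the flow sat in when it went quiet, and therefore which single option is worth changing.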
And what does this mean - IS-IS routing protocol is enabled?
500H running config# vrf main routing isis
  <return>    Validate command.
  |           Add an output modifier.
  enabled     Default: true.
              Enable or disable IS-IS.
  instance    Max count: 4294967295.
              Set IS-IS routing instance.

This requires some explanation if this is some internal needed feature, otherwise it should not be enabled as it says per default it IS enabled.