conntrack
- system conntrack
- SDE
M10-Smart
M2
RS420
AresC640
Connection tracking engine options
- system conntrack app-detect
- SDE
M10-Smart
M2
RS420
AresC640
Application detection
- system conntrack app-detect debug
- SDE
M10-Smart
M2
RS420
AresC640
Show more verbose log messages
- system conntrack app-detect dictionary <u32>
- SDE
M10-Smart
M2
RS420
AresC640
- Values:
u32 – Priority of the dictionary, affects in the search order
- Instances:
Unique
- system conntrack app-detect dictionary <u32> custom
- SDE
M10-Smart
M2
RS420
AresC640
Custom application dictionary
- system conntrack app-detect dictionary <u32> custom app-id <u32>
- SDE
M10-Smart
M2
RS420
AresC640
- Values:
u32 – Custom application id
- Instances:
Multiple
- system conntrack app-detect dictionary <u32> custom app-id <u32> fqdn <txt>
- SDE
M10-Smart
M2
RS420
AresC640
- Values:
txt – FQDN pattern of custom application id
- Instances:
Multiple
- system conntrack app-detect dictionary <u32> custom app-id <u32> name <txt>
- SDE
M10-Smart
M2
RS420
AresC640
- Values:
txt – Name of custom application id
- system conntrack app-detect dictionary <u32> filename <file>
- SDE
M10-Smart
M2
RS420
AresC640
- Values:
file – Name of application dictionary file
- system conntrack app-detect dns
- SDE
M10-Smart
M2
RS420
AresC640
DNS detection
- system conntrack app-detect dns-host
- SDE
M10-Smart
M2
RS420
AresC640
DNS query hostname detection
- system conntrack app-detect dns-host max-cnames <u32>
- SDE
M10-Smart
M2
RS420
AresC640
Size of DNS CNAME cache
- Values:
u32 – Number of entries allowed in DNS CNAME cache (1-10000)
- system conntrack app-detect enable_dict_match_priv_ip
- SDE
M10-Smart
M2
RS420
AresC640
Allow matches of private ip addresses on no custom dictionaries
- system conntrack app-detect http
- SDE
M10-Smart
M2
RS420
AresC640
HTTP detection
- system conntrack app-detect http-host
- SDE
M10-Smart
M2
RS420
AresC640
HTTP Host header detection
- system conntrack app-detect http-referer
- SDE
M10-Smart
M2
RS420
AresC640
HTTP Referer header detection
- system conntrack app-detect http-url
- SDE
M10-Smart
M2
RS420
AresC640
HTTP request URL detection
- system conntrack app-detect http-user-agent
- SDE
M10-Smart
M2
RS420
AresC640
HTTP User-Agent header detection
- system conntrack app-detect refresh-flow-appid
- SDE
M10-Smart
M2
RS420
AresC640
refresh flow appid when fqdn’s appid is different than ip-cache’s one
- system conntrack app-detect ssl
- SDE
M10-Smart
M2
RS420
AresC640
SSL/TLS detection
- system conntrack app-detect ssl-host
- SDE
M10-Smart
M2
RS420
AresC640
SSL/TLS certificate host detection
- system conntrack debug
- SDE
M10-Smart
M2
RS420
AresC640
Show verbose conntrack log messages
- system conntrack disable
- SDE
M10-Smart
M2
RS420
AresC640
Disable connection tracking
- system conntrack expect-table-size <u32>
- SDE
M10-Smart
M2
RS420
AresC640
Size of connection tracking expect table
- Values:
u32 – Number of entries allowed in connection tracking expect table (1-50000000)
- system conntrack hash-size <u32>
- SDE
M10-Smart
M2
RS420
AresC640
Hash size for connection tracking table
- Values:
u32 – Size of hash to use for connection tracking table (1-50000000)
- system conntrack modules
- SDE
M10-Smart
M2
RS420
AresC640
Connection tracking modules settings
- system conntrack modules ftp
- SDE
M10-Smart
M2
RS420
AresC640
FTP connection tracking settings
- system conntrack modules ftp disable
- SDE
M10-Smart
M2
RS420
AresC640
Disable FTP connection tracking
- system conntrack modules h323
- SDE
M10-Smart
M2
RS420
AresC640
H.323 connection tracking settings
- system conntrack modules h323 disable
- SDE
M10-Smart
M2
RS420
AresC640
Disable H.323 connection tracking
- system conntrack modules pptp
- SDE
M10-Smart
M2
RS420
AresC640
PPTP connection tracking settings
- system conntrack modules pptp disable
- SDE
M10-Smart
M2
RS420
AresC640
Disable PPTP connection tracking
- system conntrack modules sip
- SDE
M10-Smart
M2
RS420
AresC640
SIP connection tracking settings
- system conntrack modules sip disable
- SDE
M10-Smart
M2
RS420
AresC640
Disable SIP connection tracking
- system conntrack modules sip enable-indirect-media
- SDE
M10-Smart
M2
RS420
AresC640
Option to support for indirect media streams
- system conntrack modules sip enable-indirect-signalling
- SDE
M10-Smart
M2
RS420
AresC640
Option to support for indirect signalling streams
- system conntrack modules sip port <u32>
- SDE
M10-Smart
M2
RS420
AresC640
Port number that SIP traffic is carried on
- Values:
u32 – SIP port number (1-65535)
- Instances:
Multiple
- system conntrack modules tftp
- SDE
M10-Smart
M2
RS420
AresC640
TFTP connection tracking settings
- system conntrack modules tftp disable
- SDE
M10-Smart
M2
RS420
AresC640
Disable TFTP connection tracking
- system conntrack replace-clash
- SDE
M10-Smart
M2
RS420
AresC640
Enable replace-clash feature
- system conntrack table-size <u32>
- SDE
M10-Smart
M2
RS420
AresC640
Size of connection tracking table
- Values:
u32 – Number of entries allowed in connection tracking table (1-50000000)
- system conntrack tcp
- SDE
M10-Smart
M2
RS420
AresC640
TCP options
- system conntrack tcp half-open-connections <u32>
- SDE
M10-Smart
M2
RS420
AresC640
Maximum number of TCP half-open connections
- Values:
u32 – Number of connections (1-2147483647)
- system conntrack tcp max-retrans <u32>
- SDE
M10-Smart
M2
RS420
AresC640
TCP maximum retransmit attempts
- Values:
u32 – Generic connection timeout in seconds (1-2147483647)
- system conntrack tcp no-loose
- SDE
M10-Smart
M2
RS420
AresC640
Do not track previously established connections
- system conntrack timeout
- SDE
M10-Smart
M2
RS420
AresC640
Connection timeout options
- system conntrack timeout icmp <u32>
- SDE
M10-Smart
M2
RS420
AresC640
ICMP timeout in seconds
- Values:
u32 – ICMP timeout in seconds (1-21474836)
- system conntrack timeout other <u32>
- SDE
M10-Smart
M2
RS420
AresC640
Generic connection timeout in seconds
- Values:
u32 – Generic connection timeout in seconds (1-21474836)
- system conntrack timeout tcp
- SDE
M10-Smart
M2
RS420
AresC640
TCP connection timeout options
- system conntrack timeout tcp close <u32>
- SDE
M10-Smart
M2
RS420
AresC640
TCP CLOSE timeout in seconds
- Values:
u32 – TCP CLOSE timeout in seconds (1-21474836)
- system conntrack timeout tcp close-wait <u32>
- SDE
M10-Smart
M2
RS420
AresC640
TCP CLOSE-WAIT timeout in seconds
- Values:
u32 – TCP CLOSE-WAIT timeout in seconds (1-21474836)
- system conntrack timeout tcp established <u32>
- SDE
M10-Smart
M2
RS420
AresC640
TCP ESTABLISHED timeout in seconds
- Values:
u32 – TCP ESTABLISHED timeout in seconds (1-21474836)
- system conntrack timeout tcp fin-wait <u32>
- SDE
M10-Smart
M2
RS420
AresC640
TCP FIN-WAIT timeout in seconds
- Values:
u32 – TCP FIN-WAIT timeout in seconds (1-21474836)
- system conntrack timeout tcp last-ack <u32>
- SDE
M10-Smart
M2
RS420
AresC640
TCP LAST-ACK timeout in seconds
- Values:
u32 – TCP LAST-ACK timeout in seconds (1-21474836)
- system conntrack timeout tcp syn-recv <u32>
- SDE
M10-Smart
M2
RS420
AresC640
TCP SYN-RECEIVED timeout in seconds
- Values:
u32 – TCP SYN-RECEIVED timeout in seconds (1-21474836)
- system conntrack timeout tcp syn-sent <u32>
- SDE
M10-Smart
M2
RS420
AresC640
TCP SYN-SENT timeout in seconds
- Values:
u32 – TCP SYN-SENT timeout in seconds (1-21474836)
- system conntrack timeout tcp time-wait <u32>
- SDE
M10-Smart
M2
RS420
AresC640
TCP TIME-WAIT timeout in seconds
- Values:
u32 – TCP TIME-WAIT timeout in seconds (1-21474836)
- system conntrack timeout udp
- SDE
M10-Smart
M2
RS420
AresC640
UDP timeout
- system conntrack timeout udp other <u32>
- SDE
M10-Smart
M2
RS420
AresC640
UDP generic timeout in seconds
- Values:
u32 – UDP generic timeout in seconds (1-21474836)
- system conntrack timeout udp stream <u32>
- SDE
M10-Smart
M2
RS420
AresC640
UDP stream timeout in seconds
- Values:
u32 – UDP stream timeout in seconds (1-21474836)