conntrack --------- .. osdx:cfgcmd:: system conntrack .. raw:: html Devices Connection tracking engine options .. osdx:cfgcmd:: system conntrack app-detect .. raw:: html Devices Application detection .. osdx:cfgcmd:: system conntrack app-detect app-id-storage .. raw:: html Devices Select Application ID storage mode :instances: Unique .. osdx:cfgcmd:: system conntrack app-detect app-id-storage chained .. raw:: html Devices All detected Application ID are stored for the traffic session .. osdx:cfgcmd:: system conntrack app-detect app-id-storage override .. raw:: html Devices Only highest layer Application ID is stored for the traffic session (default behavior) .. osdx:cfgcmd:: system conntrack app-detect debug .. raw:: html Devices Show more verbose log messages .. osdx:cfgcmd:: system conntrack app-detect dictionary .. raw:: html Devices :arg u32: Priority of the dictionary, affects in the search order :instances: Unique .. osdx:cfgcmd:: system conntrack app-detect dictionary filename .. raw:: html Devices :arg file: Name of local application dictionary file .. osdx:cfgcmd:: system conntrack app-detect dictionary local .. raw:: html Devices Local application dictionary defined in CLI .. osdx:cfgcmd:: system conntrack app-detect dictionary local app-id .. raw:: html Devices Application ID definition .. osdx:cfgcmd:: system conntrack app-detect dictionary local app-id custom .. raw:: html Devices Custom Application ID :arg u32: USER-Defined Selector ID number (0-65535) :instances: Multiple .. osdx:cfgcmd:: system conntrack app-detect dictionary local app-id custom fqdn .. raw:: html Devices :arg txt: FQDN or hostname pattern of custom Application ID :instances: Multiple .. osdx:cfgcmd:: system conntrack app-detect dictionary local app-id custom name .. raw:: html Devices :arg txt: Name of custom Application ID .. osdx:cfgcmd:: system conntrack app-detect dictionary local app-id engine .. raw:: html Devices Classification Engine ID :arg u32: Engine ID number (1-255) :instances: Multiple .. osdx:cfgcmd:: system conntrack app-detect dictionary local app-id engine selector .. raw:: html Devices Selector ID for Classification Engine ID :arg u32: Selector ID number (0-65535) :instances: Multiple .. osdx:cfgcmd:: system conntrack app-detect dictionary local app-id engine selector fqdn .. raw:: html Devices :arg txt: FQDN or hostname pattern of Application ID :instances: Multiple .. osdx:cfgcmd:: system conntrack app-detect dictionary local app-id engine selector name .. raw:: html Devices :arg txt: Name of Application ID .. osdx:cfgcmd:: system conntrack app-detect dictionary remote .. raw:: html Devices Application dictionary hosted on a remote server :ref Required: system conntrack app-detect dictionary * remote encrypted-key * :ref Required: system conntrack app-detect dictionary * remote property :ref Required: system conntrack app-detect dictionary * remote encrypted-url * .. osdx:cfgcmd:: system conntrack app-detect dictionary remote alarm .. raw:: html Devices Alarm triggered according to remote server status .. osdx:cfgcmd:: system conntrack app-detect dictionary remote alarm connection-error .. raw:: html Devices Alarm triggered when error detected in the connection to the remote server :ref Reference: system alarm * .. osdx:cfgcmd:: system conntrack app-detect dictionary remote encrypted-key .. raw:: html Devices :arg password: Encrypted key to connect to the application dictionary server .. osdx:cfgcmd:: system conntrack app-detect dictionary remote encrypted-url .. raw:: html Devices :arg password: Application dictionary server encrypted url .. osdx:cfgcmd:: system conntrack app-detect dictionary remote key .. raw:: html Devices :arg txt: Key to connect to the application dictionary server .. osdx:cfgcmd:: system conntrack app-detect dictionary remote local-address .. raw:: html Devices Bind to local IP address :arg ipv4: IPv4 address :Local IP address: .. osdx:cfgcmd:: system conntrack app-detect dictionary remote local-interface .. raw:: html Devices :arg ifc: Bind to local interface .. osdx:cfgcmd:: system conntrack app-detect dictionary remote local-vrf .. raw:: html Devices Bind to local Virtual Routing and Forwarding domain name :ref Reference: system vrf * .. osdx:cfgcmd:: system conntrack app-detect dictionary remote mark .. raw:: html Devices :arg u32: Choose a specific number to mark remote dictionary traffic .. osdx:cfgcmd:: system conntrack app-detect dictionary remote max-entries .. raw:: html Devices Maximum number of entries in remote dictionary :arg u32: Number of entries allowed in remote dictionary (256-1048576) .. osdx:cfgcmd:: system conntrack app-detect dictionary remote property .. raw:: html Devices Classification property retrieved from remote dictionary :instances: Unique .. osdx:cfgcmd:: system conntrack app-detect dictionary remote property category .. raw:: html Devices Retrieve category from remote dictionary .. osdx:cfgcmd:: system conntrack app-detect dictionary remote property reputation .. raw:: html Devices Retrieve reputation from remote dictionary .. osdx:cfgcmd:: system conntrack app-detect dictionary remote ssl-allow-insecure .. raw:: html Devices Do not verify the authenticity of the SSL certificate and do not check hostname match .. osdx:cfgcmd:: system conntrack app-detect dictionary remote url .. raw:: html Devices :arg txt: Application dictionary server url .. osdx:cfgcmd:: system conntrack app-detect dictionary remote vrf-mark .. raw:: html Devices Choose a specific VRF to mark remote dictionary traffic :ref Reference: system vrf * .. osdx:cfgcmd:: system conntrack app-detect dns .. raw:: html Devices DNS detection .. osdx:cfgcmd:: system conntrack app-detect dns-host .. raw:: html Devices DNS query hostname detection .. osdx:cfgcmd:: system conntrack app-detect dns-host disable-continuous-resolution .. raw:: html Devices Disable continuous resolution of FQDNs to update application IDs .. osdx:cfgcmd:: system conntrack app-detect dns-host max-cnames .. raw:: html Devices Size of DNS CNAME cache :arg u32: Number of entries allowed in DNS CNAME cache (1-1048576) .. osdx:cfgcmd:: system conntrack app-detect enable_dict_match_priv_ip .. raw:: html Devices Allow matches of private ip addresses on no custom dictionaries .. osdx:cfgcmd:: system conntrack app-detect http .. raw:: html Devices HTTP detection .. osdx:cfgcmd:: system conntrack app-detect http-host .. raw:: html Devices HTTP Host header detection .. osdx:cfgcmd:: system conntrack app-detect http-referer .. raw:: html Devices HTTP Referer header detection .. osdx:cfgcmd:: system conntrack app-detect http-url .. raw:: html Devices HTTP request URL detection .. osdx:cfgcmd:: system conntrack app-detect http-user-agent .. raw:: html Devices HTTP User-Agent header detection .. osdx:cfgcmd:: system conntrack app-detect ip-cache .. raw:: html Devices Ip-cache configuration .. osdx:cfgcmd:: system conntrack app-detect ip-cache blacklist .. raw:: html Devices Allow to exclude an IP from the ip-cache when App-Id is flapping .. osdx:cfgcmd:: system conntrack app-detect ip-cache timeout .. raw:: html Devices [Not recommended to set] IP cache entry timeout in seconds. :arg u32: Timeout in seconds (1-86400) .. osdx:cfgcmd:: system conntrack app-detect refresh-flow-appid .. raw:: html Devices Refresh flow appid when fqdn's appid is different than ip-cache's one .. osdx:cfgcmd:: system conntrack app-detect ssl .. raw:: html Devices SSL/TLS detection .. osdx:cfgcmd:: system conntrack app-detect ssl-host .. raw:: html Devices SSL/TLS certificate host detection .. osdx:cfgcmd:: system conntrack disable .. raw:: html Devices Disable connection tracking .. osdx:cfgcmd:: system conntrack expect-table-size .. raw:: html Devices Size of connection tracking expect table :arg u32: Number of entries allowed in connection tracking expect table (1-50000000) .. osdx:cfgcmd:: system conntrack hash-size .. raw:: html Devices Hash size for connection tracking table :arg u32: Size of hash to use for connection tracking table (1-50000000) .. osdx:cfgcmd:: system conntrack logging .. raw:: html Devices Log conntrack events .. osdx:cfgcmd:: system conntrack logging events .. raw:: html Devices Specify events to capture :arg new: NEW events :arg update: UPDATE events :arg destroy: DESTROY events :arg all: all the previously events :instances: Multiple .. osdx:cfgcmd:: system conntrack logging identity .. raw:: html Devices Specify the identity name of the log entries :arg txt: Identity name (1-92) .. osdx:cfgcmd:: system conntrack logging log-level .. raw:: html Devices Specify log level to use (The events will be displayed with the specified level format) :arg err: Error messages :arg warning: Warning messages :arg notice: Messages for further investigation :arg info: Informational messages :arg debug: Debug messages .. osdx:cfgcmd:: system conntrack modules .. raw:: html Devices Connection tracking modules settings .. osdx:cfgcmd:: system conntrack modules ftp .. raw:: html Devices FTP connection tracking settings .. osdx:cfgcmd:: system conntrack modules ftp disable .. raw:: html Devices Disable FTP connection tracking .. osdx:cfgcmd:: system conntrack modules h323 .. raw:: html Devices H.323 connection tracking settings .. osdx:cfgcmd:: system conntrack modules h323 disable .. raw:: html Devices Disable H.323 connection tracking .. osdx:cfgcmd:: system conntrack modules pptp .. raw:: html Devices PPTP connection tracking settings .. osdx:cfgcmd:: system conntrack modules pptp disable .. raw:: html Devices Disable PPTP connection tracking .. osdx:cfgcmd:: system conntrack modules sip .. raw:: html Devices SIP connection tracking settings .. osdx:cfgcmd:: system conntrack modules sip disable .. raw:: html Devices Disable SIP connection tracking .. osdx:cfgcmd:: system conntrack modules sip enable-indirect-media .. raw:: html Devices Option to support for indirect media streams .. osdx:cfgcmd:: system conntrack modules sip enable-indirect-signalling .. raw:: html Devices Option to support for indirect signalling streams .. osdx:cfgcmd:: system conntrack modules sip port .. raw:: html Devices Port number that SIP traffic is carried on :arg u32: SIP port number (1-65535) :instances: Multiple .. osdx:cfgcmd:: system conntrack modules tftp .. raw:: html Devices TFTP connection tracking settings .. osdx:cfgcmd:: system conntrack modules tftp disable .. raw:: html Devices Disable TFTP connection tracking .. osdx:cfgcmd:: system conntrack replace-clash .. raw:: html Devices Enable replace-clash feature .. osdx:cfgcmd:: system conntrack table-size .. raw:: html Devices Size of connection tracking table :arg u32: Number of entries allowed in connection tracking table (1-50000000) .. osdx:cfgcmd:: system conntrack tcp .. raw:: html Devices TCP options .. osdx:cfgcmd:: system conntrack tcp half-open-connections .. raw:: html Devices Maximum number of TCP half-open connections :arg u32: Number of connections (1-2147483647) .. osdx:cfgcmd:: system conntrack tcp max-retrans .. raw:: html Devices TCP maximum retransmit attempts :arg u32: Generic connection timeout in seconds (1-2147483647) .. osdx:cfgcmd:: system conntrack tcp no-loose .. raw:: html Devices Do not track previously established connections .. osdx:cfgcmd:: system conntrack timeout .. raw:: html Devices Connection timeout options .. osdx:cfgcmd:: system conntrack timeout icmp .. raw:: html Devices ICMP timeout in seconds :arg u32: ICMP timeout in seconds (1-21474836) .. osdx:cfgcmd:: system conntrack timeout other .. raw:: html Devices Generic connection timeout in seconds :arg u32: Generic connection timeout in seconds (1-21474836) .. osdx:cfgcmd:: system conntrack timeout tcp .. raw:: html Devices TCP connection timeout options .. osdx:cfgcmd:: system conntrack timeout tcp close .. raw:: html Devices TCP CLOSE timeout in seconds :arg u32: TCP CLOSE timeout in seconds (1-21474836) .. osdx:cfgcmd:: system conntrack timeout tcp close-wait .. raw:: html Devices TCP CLOSE-WAIT timeout in seconds :arg u32: TCP CLOSE-WAIT timeout in seconds (1-21474836) .. osdx:cfgcmd:: system conntrack timeout tcp established .. raw:: html Devices TCP ESTABLISHED timeout in seconds :arg u32: TCP ESTABLISHED timeout in seconds (1-21474836) .. osdx:cfgcmd:: system conntrack timeout tcp fin-wait .. raw:: html Devices TCP FIN-WAIT timeout in seconds :arg u32: TCP FIN-WAIT timeout in seconds (1-21474836) .. osdx:cfgcmd:: system conntrack timeout tcp last-ack .. raw:: html Devices TCP LAST-ACK timeout in seconds :arg u32: TCP LAST-ACK timeout in seconds (1-21474836) .. osdx:cfgcmd:: system conntrack timeout tcp syn-recv .. raw:: html Devices TCP SYN-RECEIVED timeout in seconds :arg u32: TCP SYN-RECEIVED timeout in seconds (1-21474836) .. osdx:cfgcmd:: system conntrack timeout tcp syn-sent .. raw:: html Devices TCP SYN-SENT timeout in seconds :arg u32: TCP SYN-SENT timeout in seconds (1-21474836) .. osdx:cfgcmd:: system conntrack timeout tcp time-wait .. raw:: html Devices TCP TIME-WAIT timeout in seconds :arg u32: TCP TIME-WAIT timeout in seconds (1-21474836) .. osdx:cfgcmd:: system conntrack timeout udp .. raw:: html Devices UDP timeout .. osdx:cfgcmd:: system conntrack timeout udp other .. raw:: html Devices UDP generic timeout in seconds :arg u32: UDP generic timeout in seconds (1-21474836) .. osdx:cfgcmd:: system conntrack timeout udp stream .. raw:: html Devices UDP stream timeout in seconds :arg u32: UDP stream timeout in seconds (1-21474836)