conntrack

system conntrack: Devices
Connection tracking engine options

system conntrack app-detect: Devices
Application detection

system conntrack app-detect app-id-storage

Devices

Select Application ID storage mode

Instances:: Unique

system conntrack app-detect app-id-storage chained: Devices
All detected Application ID are stored for the traffic session

system conntrack app-detect app-id-storage override: Devices
Only highest layer Application ID is stored for the traffic session (default behavior)

system conntrack app-detect debug: Devices
Show more verbose log messages

system conntrack app-detect dictionary <u32>

Devices

Values:

u32 – Priority of the dictionary, affects in the search order

Instances:

Unique

system conntrack app-detect dictionary <u32> filename <file>

Devices

Values:

file – Name of local application dictionary file

system conntrack app-detect dictionary <u32> local: Devices
Local application dictionary defined in CLI

system conntrack app-detect dictionary <u32> local app-id: Devices
Application ID definition

system conntrack app-detect dictionary <u32> local app-id custom <u32>

Devices

Custom Application ID

Values:

u32 – USER-Defined Selector ID number (0-65535)

Instances:

Multiple

system conntrack app-detect dictionary <u32> local app-id custom <u32> fqdn <txt>

Devices

Values:

txt – FQDN or hostname pattern of custom Application ID

Instances:

Multiple

system conntrack app-detect dictionary <u32> local app-id custom <u32> name <txt>

Devices

Values:

txt – Name of custom Application ID

system conntrack app-detect dictionary <u32> local app-id engine <u32>

Devices

Classification Engine ID

Values:

u32 – Engine ID number (1-255)

Instances:

Multiple

system conntrack app-detect dictionary <u32> local app-id engine <u32> selector <u32>

Devices

Selector ID for Classification Engine ID

Values:

u32 – Selector ID number (0-65535)

Instances:

Multiple

system conntrack app-detect dictionary <u32> local app-id engine <u32> selector <u32> fqdn <txt>

Devices

Values:

txt – FQDN or hostname pattern of Application ID

Instances:

Multiple

system conntrack app-detect dictionary <u32> local app-id engine <u32> selector <u32> name <txt>

Devices

Values:

txt – Name of Application ID

system conntrack app-detect dictionary <u32> remote

Devices

Application dictionary hosted on a remote server

Required:: system conntrack app-detect dictionary <u32> remote encrypted-key <password>
Required:: system conntrack app-detect dictionary <u32> remote property
Required:: system conntrack app-detect dictionary <u32> remote encrypted-url <password>

system conntrack app-detect dictionary <u32> remote alarm: Devices
Alarm triggered according to remote server status

system conntrack app-detect dictionary <u32> remote alarm connection-error <txt>

Devices

Alarm triggered when error detected in the connection to the remote server

Reference:: system alarm <txt>

system conntrack app-detect dictionary <u32> remote encrypted-key <password>

Devices

Values:

password – Encrypted key to connect to the application dictionary server

system conntrack app-detect dictionary <u32> remote encrypted-url <password>

Devices

Values:

password – Application dictionary server encrypted url

system conntrack app-detect dictionary <u32> remote key <txt>

Devices

Values:

txt – Key to connect to the application dictionary server

system conntrack app-detect dictionary <u32> remote local-address <ipv4>

Devices

Bind to local IP address

Values:

ipv4 – IPv4 address

Local IP address:

system conntrack app-detect dictionary <u32> remote local-interface <ifc>

Devices

Values:

ifc – Bind to local interface

system conntrack app-detect dictionary <u32> remote local-vrf <id>

Devices

Bind to local Virtual Routing and Forwarding domain name

Reference:: system vrf <id>

system conntrack app-detect dictionary <u32> remote mark <u32>

Devices

Values:

u32 – Choose a specific number to mark remote dictionary traffic

system conntrack app-detect dictionary <u32> remote max-entries <u32>

Devices

Maximum number of entries in remote dictionary

Values:

u32 – Number of entries allowed in remote dictionary (256-1048576)

system conntrack app-detect dictionary <u32> remote property

Devices

Classification property retrieved from remote dictionary

Instances:: Unique

system conntrack app-detect dictionary <u32> remote property category: Devices
Retrieve category from remote dictionary

system conntrack app-detect dictionary <u32> remote property reputation: Devices
Retrieve reputation from remote dictionary

system conntrack app-detect dictionary <u32> remote ssl-allow-insecure: Devices
Do not verify the authenticity of the SSL certificate and do not check hostname match

system conntrack app-detect dictionary <u32> remote url <txt>

Devices

Values:

txt – Application dictionary server url

system conntrack app-detect dictionary <u32> remote vrf-mark <id>

Devices

Choose a specific VRF to mark remote dictionary traffic

Reference:: system vrf <id>

system conntrack app-detect dns: Devices
DNS detection

system conntrack app-detect dns-host: Devices
DNS query hostname detection

system conntrack app-detect dns-host disable-continuous-resolution: Devices
Disable continuous resolution of FQDNs to update application IDs

system conntrack app-detect dns-host max-cnames <u32>

Devices

Size of DNS CNAME cache

Values:

u32 – Number of entries allowed in DNS CNAME cache (1-1048576)

system conntrack app-detect enable_dict_match_priv_ip: Devices
Allow matches of private ip addresses on no custom dictionaries

system conntrack app-detect http: Devices
HTTP detection

system conntrack app-detect http-host: Devices
HTTP Host header detection

system conntrack app-detect http-referer: Devices
HTTP Referer header detection

system conntrack app-detect http-url: Devices
HTTP request URL detection

system conntrack app-detect http-user-agent: Devices
HTTP User-Agent header detection

system conntrack app-detect ip-cache: Devices
Ip-cache configuration

system conntrack app-detect ip-cache blacklist: Devices
Allow to exclude an IP from the ip-cache when App-Id is flapping

system conntrack app-detect ip-cache timeout <u32>

Devices

[Not recommended to set] IP cache entry timeout in seconds.

Values:

u32 – Timeout in seconds (1-86400)

system conntrack app-detect refresh-flow-appid: Devices
Refresh flow appid when fqdn’s appid is different than ip-cache’s one

system conntrack app-detect ssl: Devices
SSL/TLS detection

system conntrack app-detect ssl-host: Devices
SSL/TLS certificate host detection

system conntrack disable: Devices
Disable connection tracking

system conntrack expect-table-size <u32>

Devices

Size of connection tracking expect table

Values:

u32 – Number of entries allowed in connection tracking expect table (1-50000000)

system conntrack hash-size <u32>

Devices

Hash size for connection tracking table

Values:

u32 – Size of hash to use for connection tracking table (1-50000000)

system conntrack logging: Devices
Log conntrack events

system conntrack logging events <txt>

Devices

Specify events to capture

Values:

new – NEW events
update – UPDATE events
destroy – DESTROY events
all – all the previously events

Instances:

Multiple

system conntrack logging identity <txt>

Devices

Specify the identity name of the log entries

Values:

txt – Identity name (1-92)

system conntrack logging log-level <txt>

Devices

Specify log level to use (The events will be displayed with the specified level format)

Values:

err – Error messages
warning – Warning messages
notice – Messages for further investigation
info – Informational messages
debug – Debug messages

system conntrack modules: Devices
Connection tracking modules settings

system conntrack modules ftp: Devices
FTP connection tracking settings

system conntrack modules ftp disable: Devices
Disable FTP connection tracking

system conntrack modules h323: Devices
H.323 connection tracking settings

system conntrack modules h323 disable: Devices
Disable H.323 connection tracking

system conntrack modules pptp: Devices
PPTP connection tracking settings

system conntrack modules pptp disable: Devices
Disable PPTP connection tracking

system conntrack modules sip: Devices
SIP connection tracking settings

system conntrack modules sip disable: Devices
Disable SIP connection tracking

system conntrack modules sip enable-indirect-media: Devices
Option to support for indirect media streams

system conntrack modules sip enable-indirect-signalling: Devices
Option to support for indirect signalling streams

system conntrack modules sip port <u32>

Devices

Port number that SIP traffic is carried on

Values:

u32 – SIP port number (1-65535)

Instances:

Multiple

system conntrack modules tftp: Devices
TFTP connection tracking settings

system conntrack modules tftp disable: Devices
Disable TFTP connection tracking

system conntrack replace-clash: Devices
Enable replace-clash feature

system conntrack table-size <u32>

Devices

Size of connection tracking table

Values:

u32 – Number of entries allowed in connection tracking table (1-50000000)

system conntrack tcp: Devices
TCP options

system conntrack tcp half-open-connections <u32>

Devices

Maximum number of TCP half-open connections

Values:

u32 – Number of connections (1-2147483647)

system conntrack tcp max-retrans <u32>

Devices

TCP maximum retransmit attempts

Values:

u32 – Generic connection timeout in seconds (1-2147483647)

system conntrack tcp no-loose: Devices
Do not track previously established connections

system conntrack timeout: Devices
Connection timeout options

system conntrack timeout icmp <u32>

Devices

ICMP timeout in seconds

Values:

u32 – ICMP timeout in seconds (1-21474836)

system conntrack timeout other <u32>

Devices

Generic connection timeout in seconds

Values:

u32 – Generic connection timeout in seconds (1-21474836)

system conntrack timeout tcp: Devices
TCP connection timeout options

system conntrack timeout tcp close <u32>

Devices

TCP CLOSE timeout in seconds

Values:

u32 – TCP CLOSE timeout in seconds (1-21474836)

system conntrack timeout tcp close-wait <u32>

Devices

TCP CLOSE-WAIT timeout in seconds

Values:

u32 – TCP CLOSE-WAIT timeout in seconds (1-21474836)

system conntrack timeout tcp established <u32>

Devices

TCP ESTABLISHED timeout in seconds

Values:

u32 – TCP ESTABLISHED timeout in seconds (1-21474836)

system conntrack timeout tcp fin-wait <u32>

Devices

TCP FIN-WAIT timeout in seconds

Values:

u32 – TCP FIN-WAIT timeout in seconds (1-21474836)

system conntrack timeout tcp last-ack <u32>

Devices

TCP LAST-ACK timeout in seconds

Values:

u32 – TCP LAST-ACK timeout in seconds (1-21474836)

system conntrack timeout tcp syn-recv <u32>

Devices

TCP SYN-RECEIVED timeout in seconds

Values:

u32 – TCP SYN-RECEIVED timeout in seconds (1-21474836)

system conntrack timeout tcp syn-sent <u32>

Devices

TCP SYN-SENT timeout in seconds

Values:

u32 – TCP SYN-SENT timeout in seconds (1-21474836)

system conntrack timeout tcp time-wait <u32>

Devices

TCP TIME-WAIT timeout in seconds

Values:

u32 – TCP TIME-WAIT timeout in seconds (1-21474836)

system conntrack timeout udp: Devices
UDP timeout

system conntrack timeout udp other <u32>

Devices

UDP generic timeout in seconds

Values:

u32 – UDP generic timeout in seconds (1-21474836)

system conntrack timeout udp stream <u32>

Devices

UDP stream timeout in seconds

Values:

u32 – UDP stream timeout in seconds (1-21474836)