conntrack --------- .. osdx:cfgcmd:: system conntrack .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Connection tracking engine options .. osdx:cfgcmd:: system conntrack app-detect .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Application detection .. osdx:cfgcmd:: system conntrack app-detect app-id-storage .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Select Application ID storage mode :instances: Unique .. osdx:cfgcmd:: system conntrack app-detect app-id-storage chained .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k All detected Application ID are stored for the traffic session .. osdx:cfgcmd:: system conntrack app-detect app-id-storage override .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Only highest layer Application ID is stored for the traffic session (default behavior) .. osdx:cfgcmd:: system conntrack app-detect debug .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Show more verbose log messages .. osdx:cfgcmd:: system conntrack app-detect dictionary .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k :arg u32: Priority of the dictionary, affects in the search order :instances: Unique .. osdx:cfgcmd:: system conntrack app-detect dictionary custom .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Custom application dictionary defined in CLI .. osdx:cfgcmd:: system conntrack app-detect dictionary custom app-id .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Custom Application ID :arg u32: USER-Defined Selector ID number (0-65535) :instances: Multiple .. osdx:cfgcmd:: system conntrack app-detect dictionary custom app-id fqdn .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k :arg txt: FQDN or hostname pattern of custom Application ID :instances: Multiple .. osdx:cfgcmd:: system conntrack app-detect dictionary custom app-id name .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k :arg txt: Name of custom Application ID .. osdx:cfgcmd:: system conntrack app-detect dictionary filename .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k :arg file: Name of local application dictionary file .. osdx:cfgcmd:: system conntrack app-detect dictionary remote .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Application dictionary hosted on a remote server :ref Required: :ref Required: :ref Required: .. osdx:cfgcmd:: system conntrack app-detect dictionary remote alarm .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Alarm triggered according to remote server status .. osdx:cfgcmd:: system conntrack app-detect dictionary remote alarm connection-error .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Alarm triggered when error detected in the connection to the remote server :ref Reference: system alarm * .. osdx:cfgcmd:: system conntrack app-detect dictionary remote encrypted-key .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k :arg password: Encrypted key to connect to the application dictionary server .. osdx:cfgcmd:: system conntrack app-detect dictionary remote encrypted-url .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k :arg password: Application dictionary server encrypted url .. osdx:cfgcmd:: system conntrack app-detect dictionary remote key .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k :arg txt: Key to connect to the application dictionary server .. osdx:cfgcmd:: system conntrack app-detect dictionary remote local-address .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Bind to local IP address :arg ipv4: IPv4 address :Local IP address: .. osdx:cfgcmd:: system conntrack app-detect dictionary remote local-interface .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k :arg ifc: Bind to local interface .. osdx:cfgcmd:: system conntrack app-detect dictionary remote local-vrf .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Bind to local Virtual Routing and Forwarding domain name :ref Reference: system vrf * .. osdx:cfgcmd:: system conntrack app-detect dictionary remote mark .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k :arg u32: Choose a specific number to mark remote dictionary traffic .. osdx:cfgcmd:: system conntrack app-detect dictionary remote property .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Classification property retrieved from remote dictionary :instances: Unique .. osdx:cfgcmd:: system conntrack app-detect dictionary remote property category .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Retrieve category from remote dictionary .. osdx:cfgcmd:: system conntrack app-detect dictionary remote property reputation .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Retrieve reputation from remote dictionary .. osdx:cfgcmd:: system conntrack app-detect dictionary remote ssl-allow-insecure .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Do not verify the authenticity of the SSL certificate and do not check hostname match .. osdx:cfgcmd:: system conntrack app-detect dictionary remote url .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k :arg txt: Application dictionary server url .. osdx:cfgcmd:: system conntrack app-detect dictionary remote vrf-mark .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Choose a specific VRF to mark remote dictionary traffic :ref Reference: system vrf * .. osdx:cfgcmd:: system conntrack app-detect dns .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k DNS detection .. osdx:cfgcmd:: system conntrack app-detect dns-host .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k DNS query hostname detection .. osdx:cfgcmd:: system conntrack app-detect dns-host disable-continuous-resolution .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Disable continuous resolution of FQDNs to update application IDs .. osdx:cfgcmd:: system conntrack app-detect dns-host max-cnames .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Size of DNS CNAME cache :arg u32: Number of entries allowed in DNS CNAME cache (1-10000) .. osdx:cfgcmd:: system conntrack app-detect enable_dict_match_priv_ip .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Allow matches of private ip addresses on no custom dictionaries .. osdx:cfgcmd:: system conntrack app-detect http .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k HTTP detection .. osdx:cfgcmd:: system conntrack app-detect http-host .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k HTTP Host header detection .. osdx:cfgcmd:: system conntrack app-detect http-referer .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k HTTP Referer header detection .. osdx:cfgcmd:: system conntrack app-detect http-url .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k HTTP request URL detection .. osdx:cfgcmd:: system conntrack app-detect http-user-agent .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k HTTP User-Agent header detection .. osdx:cfgcmd:: system conntrack app-detect ip-cache .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Ip-cache configuration .. osdx:cfgcmd:: system conntrack app-detect ip-cache blacklist .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Allow to exclude an IP from the ip-cache when App-Id is flapping .. osdx:cfgcmd:: system conntrack app-detect ip-cache timeout .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k [Not recommended to set] IP cache entry timeout in seconds. :arg u32: Timeout in seconds (1-86400) .. osdx:cfgcmd:: system conntrack app-detect refresh-flow-appid .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Refresh flow appid when fqdn's appid is different than ip-cache's one .. osdx:cfgcmd:: system conntrack app-detect ssl .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k SSL/TLS detection .. osdx:cfgcmd:: system conntrack app-detect ssl-host .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k SSL/TLS certificate host detection .. osdx:cfgcmd:: system conntrack disable .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Disable connection tracking .. osdx:cfgcmd:: system conntrack expect-table-size .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Size of connection tracking expect table :arg u32: Number of entries allowed in connection tracking expect table (1-50000000) .. osdx:cfgcmd:: system conntrack hash-size .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Hash size for connection tracking table :arg u32: Size of hash to use for connection tracking table (1-50000000) .. osdx:cfgcmd:: system conntrack logging .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Log conntrack events .. osdx:cfgcmd:: system conntrack logging events .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Specify events to capture :arg new: NEW events :arg update: UPDATE events :arg destroy: DESTROY events :arg all: all the previously events :instances: Multiple .. osdx:cfgcmd:: system conntrack logging identity .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Specify the identity name of the log entries :arg txt: Identity name (1-92) .. osdx:cfgcmd:: system conntrack logging log-level .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Specify log level to use (The events will be displayed with the specified level format) :arg err: Error messages :arg warning: Warning messages :arg notice: Messages for further investigation :arg info: Informational messages :arg debug: Debug messages .. osdx:cfgcmd:: system conntrack modules .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Connection tracking modules settings .. osdx:cfgcmd:: system conntrack modules ftp .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k FTP connection tracking settings .. osdx:cfgcmd:: system conntrack modules ftp disable .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Disable FTP connection tracking .. osdx:cfgcmd:: system conntrack modules h323 .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k H.323 connection tracking settings .. osdx:cfgcmd:: system conntrack modules h323 disable .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Disable H.323 connection tracking .. osdx:cfgcmd:: system conntrack modules pptp .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k PPTP connection tracking settings .. osdx:cfgcmd:: system conntrack modules pptp disable .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Disable PPTP connection tracking .. osdx:cfgcmd:: system conntrack modules sip .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k SIP connection tracking settings .. osdx:cfgcmd:: system conntrack modules sip disable .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Disable SIP connection tracking .. osdx:cfgcmd:: system conntrack modules sip enable-indirect-media .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Option to support for indirect media streams .. osdx:cfgcmd:: system conntrack modules sip enable-indirect-signalling .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Option to support for indirect signalling streams .. osdx:cfgcmd:: system conntrack modules sip port .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Port number that SIP traffic is carried on :arg u32: SIP port number (1-65535) :instances: Multiple .. osdx:cfgcmd:: system conntrack modules tftp .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k TFTP connection tracking settings .. osdx:cfgcmd:: system conntrack modules tftp disable .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Disable TFTP connection tracking .. osdx:cfgcmd:: system conntrack replace-clash .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Enable replace-clash feature .. osdx:cfgcmd:: system conntrack table-size .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Size of connection tracking table :arg u32: Number of entries allowed in connection tracking table (1-50000000) .. osdx:cfgcmd:: system conntrack tcp .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k TCP options .. osdx:cfgcmd:: system conntrack tcp half-open-connections .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Maximum number of TCP half-open connections :arg u32: Number of connections (1-2147483647) .. osdx:cfgcmd:: system conntrack tcp max-retrans .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k TCP maximum retransmit attempts :arg u32: Generic connection timeout in seconds (1-2147483647) .. osdx:cfgcmd:: system conntrack tcp no-loose .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Do not track previously established connections .. osdx:cfgcmd:: system conntrack timeout .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Connection timeout options .. osdx:cfgcmd:: system conntrack timeout icmp .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k ICMP timeout in seconds :arg u32: ICMP timeout in seconds (1-21474836) .. osdx:cfgcmd:: system conntrack timeout other .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Generic connection timeout in seconds :arg u32: Generic connection timeout in seconds (1-21474836) .. osdx:cfgcmd:: system conntrack timeout tcp .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k TCP connection timeout options .. osdx:cfgcmd:: system conntrack timeout tcp close .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k TCP CLOSE timeout in seconds :arg u32: TCP CLOSE timeout in seconds (1-21474836) .. osdx:cfgcmd:: system conntrack timeout tcp close-wait .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k TCP CLOSE-WAIT timeout in seconds :arg u32: TCP CLOSE-WAIT timeout in seconds (1-21474836) .. osdx:cfgcmd:: system conntrack timeout tcp established .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k TCP ESTABLISHED timeout in seconds :arg u32: TCP ESTABLISHED timeout in seconds (1-21474836) .. osdx:cfgcmd:: system conntrack timeout tcp fin-wait .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k TCP FIN-WAIT timeout in seconds :arg u32: TCP FIN-WAIT timeout in seconds (1-21474836) .. osdx:cfgcmd:: system conntrack timeout tcp last-ack .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k TCP LAST-ACK timeout in seconds :arg u32: TCP LAST-ACK timeout in seconds (1-21474836) .. osdx:cfgcmd:: system conntrack timeout tcp syn-recv .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k TCP SYN-RECEIVED timeout in seconds :arg u32: TCP SYN-RECEIVED timeout in seconds (1-21474836) .. osdx:cfgcmd:: system conntrack timeout tcp syn-sent .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k TCP SYN-SENT timeout in seconds :arg u32: TCP SYN-SENT timeout in seconds (1-21474836) .. osdx:cfgcmd:: system conntrack timeout tcp time-wait .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k TCP TIME-WAIT timeout in seconds :arg u32: TCP TIME-WAIT timeout in seconds (1-21474836) .. osdx:cfgcmd:: system conntrack timeout udp .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k UDP timeout .. osdx:cfgcmd:: system conntrack timeout udp other .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k UDP generic timeout in seconds :arg u32: UDP generic timeout in seconds (1-21474836) .. osdx:cfgcmd:: system conntrack timeout udp stream .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k UDP stream timeout in seconds :arg u32: UDP stream timeout in seconds (1-21474836)