firewall exceeded session enable
Function
The firewall exceeded session enable command enables the function of automatically shutting down interfaces when the usage of session entries reaches the threshold.
The undo firewall exceeded session enable command disables the function of automatically shutting down an interface on which the usage of session entries reaches the threshold.
Usage Guidelines
By default, the function is disabled.
This command can be backed up to the standby device.
After the function of automatically shutting down interfaces and the list of interfaces that are automatically shut down are configured, when the usage of session entries on a CPU reaches the threshold, the device shuts down the corresponding interface of the list and sends alarm FWD_1.3.6.1.4.1.2011.6.122.15.3.2.1 hwSecStatSessOverThreshold. When the usage of session entries on a CPU falls below the threshold, the interface that is shut down cannot be automatically recover, and you need to manually start the interface. In this case, the device sends alarm FWD_1.3.6.1.4.1.2011.6.122.15.3.2.2 hwSecStatSessBelowThreshold.
After the interface is disabled, the traffic bypasses the FW and is forwarded along other links.
Run the snmp-agent session trap threshold command to set the alarm threshold.
Run the firewall_exceeded_session_shutdown_interface command to configure the device to automatically disable the interface.
To make the function take effect, run the snmp-agent trap enable command to enable the alarm function.
Example
# Enable the function of automatically shutting down interfaces when the usage of session entries reaches the threshold.
<sysname> system-view [sysname] snmp-agent trap enable Warning: All switches of SNMP trap/notification will be open. Continue? [Y/N]:y [sysname] firewall exceeded session enable