Network Traffic Security Inspection
show stateful packet inspection status

[Command]
show stateful packet inspection status

[Purpose]
Display the enable status of SPI inspection, including the enable status of SPI inspection for the four message types TCP, UDP, ICMP, and other.

[View]
System view

[Use cases]

```
sonic# show stateful packet inspection status
+---------+----------+
| proto   | status   |
+=========+==========+
| tcp     | enabled  |
+---------+----------+
| udp     | enabled  |
+---------+----------+
| icmp    | enabled  |
+---------+----------+
| other   | disabled |
+---------+----------+
```

show stateful packet inspection timeout { global|user defined }

[Command]
show stateful packet inspection timeout { global|user defined }

[Purpose]
Display the timeouts configured for SPI. Protocol types that have not been configured are shown as default.

[Parameter]

[View]
System view

[Use cases]

```
sonic# show stateful packet inspection timeout global
+-------------------------+-------------------+
| type                    | timeout(second)   |
+=========================+===================+
| tcp transitory timeout  | default           |
+-------------------------+-------------------+
| tcp established timeout | default           |
+-------------------------+-------------------+
| tcp closing timeout     | default           |
+-------------------------+-------------------+
| udp timeout             | 10                |
+-------------------------+-------------------+
| icmp timeout            | default           |
+-------------------------+-------------------+
| other timeout           | default           |
+-------------------------+-------------------+
```

stateful packet inspection enable { tcp|udp|icmp|other }

[Command]
stateful packet inspection enable { tcp|udp|icmp|other }

[Purpose]
Enable SPI to monitor sessions for different protocol types. Stateful packet inspection (SPI) is a firewall technology used to monitor the status of active connections and carefully inspect incoming and outgoing network traffic. It checks not only individual packets but also the context and status of network connections, and it is used to implement security policies. After this function is enabled, information about connection status is maintained, data packets belonging to tracked connections can be analyzed, and fine-grained control can be applied based on connection status and packet content.

[View]
System configuration view

[Use cases]

```
sonic(config)# stateful packet inspection enable udp
```

stateful packet inspection timeout { tcp transitory|tcp established|tcp closing|udp|icmp|other } time

[Command]
stateful packet inspection timeout { tcp transitory|tcp established|tcp closing|udp|icmp|other } time

[Purpose]
Configure the aging time of the SPI session table. The aging time can be set separately for different protocol types (including TCP, UDP, ICMP, and others).

[Parameter]

[View]
System configuration view

[Use cases]

```
sonic(config)# stateful packet inspection timeout udp 10
```

stateful packet inspection user defined timeout { tcp|udp|icmp|other } ip address l4 port time

[Command]
stateful packet inspection user defined timeout { tcp|udp|icmp|other } ip address l4 port time

[Purpose]
Set custom timeout parameters for specific protocol types, destination addresses, and L4 port numbers.

[Parameter]

[View]
System configuration view

[Use cases]

```
sonic(config)# stateful packet inspection user defined timeout tcp 2 3 4 5 23 19
```
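The session aging that these commands configure can be modelled as a small session table with one timeout per protocol class and optional per-destination overrides. This is an added example, not code from the switch or its vendor: the class and method names, the simplified TCP flag handling, the rule that a user-defined entry takes precedence over the global value, and every timeout value other than the UDP value of 10 are assumptions or constructed sample data.

```python
# Toy model of an SPI session table (added illustration, not the switch's code).
# All timeout values except "udp": 10 are constructed; the page only says "default".
GLOBAL = {"tcp transitory": 30, "tcp established": 3600, "tcp closing": 20,
          "udp": 10, "icmp": 30, "other": 60}          # seconds
USER_DEFINED = {("tcp", "192.0.2.10", 23): 19}         # (proto, dst ip, l4 port)
ENABLED = {"tcp", "udp", "icmp"}                       # "other" left disabled

class SessionTable:
    def __init__(self):
        self.sessions = {}  # (proto, src, sport, dst, dport) -> [class, last seen]

    def _timeout(self, key, cls):
        # Assumption: a user-defined entry overrides the global value on a match.
        proto, _src, _sport, dst, dport = key
        return USER_DEFINED.get((proto, dst, dport), GLOBAL[cls])

    def age(self, now):
        """Remove sessions idle longer than their timeout; return their keys."""
        dead = [k for k, (cls, seen) in self.sessions.items()
                if now - seen > self._timeout(k, cls)]
        for k in dead:
            del self.sessions[k]
        return dead

    def outbound(self, now, proto, src, sport, dst, dport, flags=""):
        """Create or refresh the session for a packet from the protected side."""
        if proto not in ENABLED:
            return "not inspected"
        self.age(now)
        key = (proto, src, sport, dst, dport)
        cls = proto
        if proto == "tcp":  # simplified state tracking from the sender's flags
            cls = self.sessions.get(key, ["tcp transitory"])[0]
            if "F" in flags or "R" in flags:
                cls = "tcp closing"
            elif flags == "A" and cls == "tcp transitory":
                cls = "tcp established"
        verdict = "refreshed" if key in self.sessions else "created"
        self.sessions[key] = [cls, now]
        return verdict

    def inbound_allowed(self, now, proto, src, sport, dst, dport):
        """Accept an inbound packet only if it mirrors a live outbound session."""
        self.age(now)
        return (proto, dst, dport, src, sport) in self.sessions
```

A short timeout limits how long an idle entry keeps the return path open, while a long one keeps quiet but legitimate sessions from being dropped; the per-destination override lets one service differ from the global value.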
