Modifying trap session behavior in hyperscale firewall VDOMs
Hyperscale VDOMs now create trap sessions for all sessions that need to be handled by the CPU. Trap sessions make sure CPU sessions are successfully sent to the CPU. If CPU sessions are not trapped, they may be incorrectly converted to hardware sessions and dropped.
You can use the following command to modify trap session behavior in a hyperscale firewall VDOM
config system settings
set trap-session-flag {udp-both | udp-reply | tcpudp-both trap | tcpudp-reply | trap-none}
end
udp-both
trap UDP send and reply sessions.
udp-reply
trap UDP reply sessions only.
tcpudp-both
trap TCP and UDP send and reply sessions. This is the default setting.
tcpudp-reply
trap TCP and UDP reply sessions only.
trap-none
disable trapping sessions.
The default setting creates trap sessions for all TCP and UDP sessions to be handled by the CPU. You can change the trap session behavior depending on CPU sessions processed by the VDOM.