Fortinet black logo

Hyperscale Firewall Guide

Modifying trap session behavior in hyperscale firewall VDOMs

Modifying trap session behavior in hyperscale firewall VDOMs

Hyperscale VDOMs create trap sessions for all sessions that need to be handled by the CPU. Trap sessions make sure CPU sessions are successfully sent to the CPU. If CPU sessions are not trapped, they may be incorrectly converted to hardware sessions and dropped.

You can use the following command to modify trap session behavior in a hyperscale firewall VDOM

config system settings

set trap-session-flag {udp-both | udp-reply | tcpudp-both | tcpudp-reply | trap-none}

end

udp-both trap UDP send and reply sessions.

udp-reply trap UDP reply sessions only.

tcpudp-both trap TCP and UDP send and reply sessions. This is the default setting.

tcpudp-reply trap TCP and UDP reply sessions only.

trap-none disable trapping sessions.

The default setting creates trap sessions for all TCP and UDP sessions to be handled by the CPU. You can change the trap session behavior depending on CPU sessions processed by the VDOM.

Modifying trap session behavior in hyperscale firewall VDOMs

Hyperscale VDOMs create trap sessions for all sessions that need to be handled by the CPU. Trap sessions make sure CPU sessions are successfully sent to the CPU. If CPU sessions are not trapped, they may be incorrectly converted to hardware sessions and dropped.

You can use the following command to modify trap session behavior in a hyperscale firewall VDOM

config system settings

set trap-session-flag {udp-both | udp-reply | tcpudp-both | tcpudp-reply | trap-none}

end

udp-both trap UDP send and reply sessions.

udp-reply trap UDP reply sessions only.

tcpudp-both trap TCP and UDP send and reply sessions. This is the default setting.

tcpudp-reply trap TCP and UDP reply sessions only.

trap-none disable trapping sessions.

The default setting creates trap sessions for all TCP and UDP sessions to be handled by the CPU. You can change the trap session behavior depending on CPU sessions processed by the VDOM.