FAQ-Why Is the Aging Time of Certain TCP Sessions Tagged as Persistent Connections Not That Specified After Persistent Connection Is Configured

Publication Date:  2015-07-01 Views:  190 Downloads:  0
Issue Description
Why Is the Aging Time of Certain TCP Sessions Tagged as Persistent Connections Not That Specified After Persistent Connection Is Configured?
Solution
If persistent connection is configured and the firewall receives the first TCP packet (that is, the first SYN packet) complying with persistent connection requirements, the firewall tags the first packet as a persistent connection and the aging time is that specified for the SYN packets (the default is 5 seconds). Only after the TCP three-way handshake is complete, the firewall resets the aging time of the session table to that of persistent connection. When the firewall completely terminates the connection after TCP four-way handshake (receives the second FIN-ACK packet) or receives an RST packet, the firewall sets the TCP session aging time to that of the FIN-RST packet (the default is 10 seconds) and keeps the persistent connection tag.

END