No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Problems Caused by Session Detection of the Firewall

Publication Date:  2012-07-27 Views:  2 Downloads:  0
Issue Description
 There are four routes on the firewall. The next hops of three routes are 192.24.0.254. The next hop of the default route is 192.168.17.1. The gateway of the PC is 192.168.17.4. The QQ, MSN, and Alitalk accounts on the PC become offline.
Alarm Information
None.
Handling Process
Two solutions are available:
1. Disable the session detection function of the firewall. (This solution is not recommended. If the session detection function is disabled, the security performance of the firewall is deteriorated.)
2. Change the route. The gateway of the PC is 192.168.17.1. Add three routes (next hop: 192.168.17.4) of the firewall to the switch. Configure a default route destined for 192.24.0.254 on the firewall.
Root Cause
If you log in to QQ from a PC, the traffic passes through the switch. When the first session arrives at the firewall, the firewall sends the route to the Layer-3 switch. The second route returns from the Layer-3 switch and is directly sent to the PC. The PC sends the third route to the firewall. As a result, users become offline.
Suggestions
Note: The firewall provides the session detection function, but the SW does not.

END