Use the USG5320 firewall as the firewall between the server group and user area, in order to protect the server security. Users can connect to the SQL database through the firewall. But the connection open after a period of time, during the transmission of data, there will be access slow or using the changed data service application error.
Match takes a long time to keep the session data.
acl number 3998
rule 0 permit tcp destination-port eq sqlnet
rule 5 permit ip source 192.168.1.100 0
Open long connection in the direction of the data transfer
firewall interzone trust untrust
firewall long-link 3998 inbound
firewall long-link 3998 outbound
After matching long connection, the session will be saved 7 * 24 hours. During this time, if there is data pass by session, the timing of the session time will refresh to 7 * 24 hours.
Packet capture analysis, detailed information of the firewall real-time session. The analytical results are as follows:
Firewall default SQL connection session hold time is 600 seconds. Once the session can’t receive new data triggered within 600 seconds, the session will be cleared. Although the sessions on the firewall have been cleared, the client application can’t know that. The user uses the connection again to send data but the session no longer exists, so the firewall will create a new session, the user will feel greatly delay. If the application has requirements for data transmission delay, may lead to an application error.
Need to know the user's application needs, especially database application before implementation. The long connection will be kept for a long time, if the matching long connection is too much, the firewall performance will be impacted. So require as precise as possible in matching session.