
Peer device problem causes traffic on one of the FW egress links to drop suddenly

Publication Date:  2012-10-25 Views:  51 Downloads:  0
Issue Description
The customer uses network management software to monitor three public-network egress links. On the Netcom egress link, traffic drops suddenly at a certain time every day and the network is interrupted for a short period, about five minutes. The Telecom and Education Network egress links do not have this problem.
Alarm Information
none
Handling Process
1. Inspected the firewall configuration; no configuration problem was found.


2. When the traffic drops, 192.168.100.200 (translated by the firewall NAT to 218.62.42.5) can always ping the gateway. The session table confirms this: the inbound and outbound packet counts for that session are equal.
Other intranet addresses, which are translated to 218.62.42.6 and 218.62.42.8, cannot ping the gateway. Their session table entries show that the firewall sent the packets out but received no reply. So the problem should be on the Netcom side: packets whose destination address is 218.62.42.6 or 218.62.42.8 are not returned, possibly because of ARP learning and refresh on the peer device.
3. Check the firewall session table:
<USG5360>display firewall session table verbose destination i 218.62.42.1
10:37:18  2010/06/29
Current Total Sessions : 4
  icmp  VPN: public -> public
  Zone: trust -> cnc  TTL: 00:00:20  Left: 00:00:19
  Interface: G0/0/3  Nexthop: 218.62.42.1  MAC: 00-19-c6-01-50-41
  <-- packets:893 bytes:53580   --> packets:893 bytes:53580
  192.168.100.200:512[218.62.42.5:18317]-->218.62.42.1:512
-------------- after NAT the address is 42.5; the inbound and outbound packet counts through the FW are equal, and there is no ping failure
  icmp  VPN: public -> public
  Zone: trust -> cnc  TTL: 00:00:20  Left: 00:00:19
  Interface: G0/0/3  Nexthop: 218.62.42.1  MAC: 00-19-c6-01-50-41
  <-- packets:2533 bytes:151980 --> packets:2581 bytes:154860
  192.168.224.136:512[218.62.42.6:29208]-->218.62.42.1:512
-------------- after NAT the address is 42.6; 48 (2581-2533) pings were not answered: the FW sent the packets but they did not come back. That is 240 s (48*5 s) of packet loss.
  icmp  VPN: public -> public
  Zone: trust -> cnc  TTL: 00:00:20  Left: 00:00:19
  Interface: G0/0/3  Nexthop: 218.62.42.1  MAC: 00-19-c6-01-50-41
  <-- packets:2202 bytes:132120 --> packets:2202 bytes:132120
  192.168.181.200:512[218.62.42.5:12992]-->218.62.42.1:512
-------------- after NAT the address is 42.5; the inbound and outbound packet counts through the FW are equal, and there is no ping failure
  icmp  VPN: public -> public
  Zone: trust -> cnc  TTL: 00:00:20  Left: 00:00:18
  Interface: G0/0/3  Nexthop: 218.62.42.1  MAC: 00-19-c6-01-50-41
  <-- packets:4526 bytes:307768 --> packets:4553 bytes:309604
  192.168.144.13:512[218.62.42.8:14191]-->218.62.42.1:512
-------------- after NAT the address is 42.8; 27 (4553-4526) pings were not answered: the FW sent the packets but they did not come back. That is 135 s (27*5 s) of packet loss.
<USG5360>display firewall session table verbose destination i 218.62.42.1
17:11:05  2010/06/29
Current Total Sessions : 1
  icmp  VPN: public -> public
  Zone: trust -> cnc  TTL: 00:00:20  Left: 00:00:18
  Interface: G0/0/3  Nexthop: 218.62.42.1  MAC: 00-19-c6-01-50-41
  <-- packets:13761 bytes:825660        --> packets:13809 bytes:828540
  192.168.224.136:512[218.62.42.6:29208]-->218.62.42.1:512
Later the same day (17:11) the difference is 13809-13761 = 48, still the same as in the morning.
The above information shows that when the problem occurs, the FW has already forwarded the packets to the Netcom gateway, but in the direction from the Netcom gateway back to the intranet, packets whose destination address is 218.62.42.6 or 218.62.42.8 are not forwarded to the firewall. This is what causes the sudden drop in service.
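As an added example (not part of the original case), the following Python script applies the same check automatically: it parses the packet counters from `display firewall session table verbose` output, and for each NAT address reports how many forwarded packets got no reply and the outage that implies at the 5 s probe interval used above. The sample input is constructed from two of the session entries shown in the case.

```python
import re

# Constructed sample: two entries copied from the session table in the case above
SESSION_TABLE = """\
Current Total Sessions : 2
  icmp  VPN: public -> public
  Zone: trust -> cnc  TTL: 00:00:20  Left: 00:00:19
  Interface: G0/0/3  Nexthop: 218.62.42.1  MAC: 00-19-c6-01-50-41
  <-- packets:893 bytes:53580   --> packets:893 bytes:53580
  192.168.100.200:512[218.62.42.5:18317]-->218.62.42.1:512
  icmp  VPN: public -> public
  Zone: trust -> cnc  TTL: 00:00:20  Left: 00:00:19
  Interface: G0/0/3  Nexthop: 218.62.42.1  MAC: 00-19-c6-01-50-41
  <-- packets:2533 bytes:151980 --> packets:2581 bytes:154860
  192.168.224.136:512[218.62.42.6:29208]-->218.62.42.1:512
"""

# "<-- packets:N" counts replies received from the peer,
# "--> packets:N" counts packets the firewall forwarded towards the destination.
COUNTERS = re.compile(r"<--\s+packets:(\d+)\s+bytes:\d+\s+-->\s+packets:(\d+)")
# Flow line format: src:port[nat-addr:nat-port]-->dst:port
FLOW = re.compile(r"^\s*(\S+?):\d+\[(\S+?):\d+\]-->(\S+?):\d+\s*$")


def parse_sessions(text):
    """Return (src, nat, dst, inbound, outbound) for every session entry."""
    sessions, counters = [], None
    for line in text.splitlines():
        m = COUNTERS.search(line)
        if m:
            counters = (int(m.group(1)), int(m.group(2)))
            continue
        m = FLOW.match(line)
        if m and counters is not None:
            sessions.append((m.group(1), m.group(2), m.group(3), *counters))
            counters = None
    return sessions


def unanswered_by_nat(text, probe_interval_s=5):
    """Map NAT address -> (unanswered packets, estimated seconds of loss).

    A positive count means the firewall forwarded packets that never came
    back, so the loss is upstream of the firewall, not inside it.
    """
    lost_by_nat = {}
    for _src, nat, _dst, inbound, outbound in parse_sessions(text):
        lost_by_nat[nat] = lost_by_nat.get(nat, 0) + (outbound - inbound)
    return {nat: (lost, lost * probe_interval_s) for nat, lost in lost_by_nat.items()}
```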
Root Cause
1. Firewall configuration problem.
2. Firewall forwarding problem.
3. Peer device problem.
Suggestions
none

END