No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

USG6630 session disconnection some times

Publication Date:  2017-10-24 Views:  102 Downloads:  0
Issue Description

the topology just as below:

The customer have been installed a USG6630 as the border firewall.it configure the NAT-Server and it have two ISP link.

the internet user connect the DMZ Server from the ISP, it need to connect always. But the session often disconnect suddenly,then the customer need to be reconnection.

if the customer connect the server not through the firewall,such as used the test-pc which shows on the topology, the session is not disconnection.

Handling Process

1.we checked the routing table on the USG6630,it is ok.

2.we checked the NAT-Server and the security policy configuration, there is no problem.

then we used the command"display firewall session table" to check the session,it is established normally.

when we checked the firewall session, it shows that is the TCP-Connection session, as we know the TCP-connection session olding-time is 1200s.

if there are no traffic in 1200s,the session will be deleted from the USG6630 right now.

so if the customer need the session not disconnect, the session olding-time need to been extended.

then we configure the long-link on the security policy,the command as below:

#

security-policy

rule name rule-name

long-link enable

long-link aging-time interval

#

 

Root Cause

the customer do not enable the long-link function on the security policy,so the session sometimes been disconnected.

Solution

The persistent connection function allows you to set the session aging time for specific flows,if there are some service need more aging time, you should configure the long-link.

END