Problem Caused by the Firewall Session Check

Publication Date: 2012-09-12
Issue Description

Four routes are configured on the firewall: the next hop of three routes points to, the other one is the default route whose next hop is, and the network of the PC is. QQ and MSN are offline.
Alarm Information
Handling Process
There are two ways to solve the problem:
1. Disable the firewall session check (not recommended, because it reduces security).
2. Change the routing: make the PC network point to, add three routes on the Layer 3 switch whose next hop is, and add a default route pointing to
Root Cause
When the PC logs in to QQ, the traffic takes the switch (SW) path: the first packet of the session reaches the firewall, which routes it to the Layer 3 switch; the second comes from the Layer 3 switch and is sent to the PC; and the PC sends the third to the firewall. This is what causes the offline problem.
Note: The firewall performs the session check, but the switch (SW) does not.
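
An added example, not part of the original case: a simplified model of a session check applied to the three-packet sequence described in the root cause. It assumes the session is a TCP handshake and uses constructed addresses; the `Firewall` class and its state handling are hypothetical, not a vendor implementation.

```python
from dataclasses import dataclass

# Constructed addresses; the addresses of the original case are not available.
PC, SERVER = "192.0.2.10", "198.51.100.20"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    flags: str  # "SYN", "SYN-ACK" or "ACK"

class Firewall:
    """Simplified stateful device (assumed model, not a vendor implementation)."""
    # For each packet type, the session states in which it is accepted.
    ALLOWED = {"SYN": {None}, "SYN-ACK": {"SYN"}, "ACK": {"SYN-ACK", "ACK"}}

    def __init__(self, session_check=True):
        self.session_check = session_check
        self.sessions = {}  # flow -> last handshake step seen

    def forward(self, pkt):
        """Return True if the packet is forwarded, False if it is dropped."""
        if not self.session_check:
            return True  # forwards like the switch, with no state tracking
        flow = frozenset((pkt.src, pkt.dst))
        state = self.sessions.get(flow)
        if state in self.ALLOWED.get(pkt.flags, ()):
            self.sessions[flow] = pkt.flags
            return True
        return False  # packet does not match the session state

HANDSHAKE = [Packet(PC, SERVER, "SYN"),
             Packet(SERVER, PC, "SYN-ACK"),
             Packet(PC, SERVER, "ACK")]

# Which of the three packets cross the firewall on each path.
ASYMMETRIC = (True, False, True)  # second packet goes switch -> PC directly
SYMMETRIC = (True, True, True)    # assumed path where the firewall sees both directions

def verdicts(via_firewall, fw):
    """Per-packet result; packets that bypass the firewall are always delivered."""
    return [fw.forward(p) if seen else True
            for p, seen in zip(HANDSHAKE, via_firewall)]

if __name__ == "__main__":
    print("asymmetric, check on :", verdicts(ASYMMETRIC, Firewall(True)))
    print("asymmetric, check off:", verdicts(ASYMMETRIC, Firewall(False)))
    print("symmetric,  check on :", verdicts(SYMMETRIC, Firewall(True)))
```

With the check enabled on the asymmetric path, the third packet is dropped because the firewall never saw the second one.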