Is the aging time of session same with the persistent connection when the firewall configures persistent connection?

Publication Date:  2012-09-10 Views:  171 Downloads:  0
Issue Description
When the firewall configures long-link, it is found that some eligible TCP session had long-link mark, but the aging time is not the persistent connection aging time configured by firewall.
Alarm Information
Handling Process
Root Cause
When the firewall configures long-link, for eligible TCP packets that accord with long-link, the firewall will make the long-link mark when it receives the first TCP packet. The aging time is the one of SYN packets. Firewall will configure the session table aging time as long-link aging time after the TCP completed the 3 times handshake. Firewall will configure the TCP session aging time as fin-rst aging time after the TCP 4 times handshake close connection completely(i.e. the firewall receives the second FIN-ACK packets) or received the RST packets. And the long-link mark is not taken off.