No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Problems Caused by Session Detection of the Firewall

Publication Date:  2012-07-27 Views:  2 Downloads:  0
Issue Description
 There are four routes on the firewall. The next hops of three routes are The next hop of the default route is The gateway of the PC is The QQ, MSN, and Alitalk accounts on the PC become offline.
Alarm Information
Handling Process
Two solutions are available:
1. Disable the session detection function of the firewall. (This solution is not recommended. If the session detection function is disabled, the security performance of the firewall is deteriorated.)
2. Change the route. The gateway of the PC is Add three routes (next hop: of the firewall to the switch. Configure a default route destined for on the firewall.
Root Cause
If you log in to QQ from a PC, the traffic passes through the switch. When the first session arrives at the firewall, the firewall sends the route to the Layer-3 switch. The second route returns from the Layer-3 switch and is directly sent to the PC. The PC sends the third route to the firewall. As a result, users become offline.
Note: The firewall provides the session detection function, but the SW does not.