No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


The Problem Elicited by Firewall Session Check

Publication Date:  2012-09-12 Views:  392 Downloads:  0

Issue Description

Make 4 routes in the firewall, 3 routes’ next hop point to, another one is the default route whose next hop is, network of PC is QQ and msn is offline.

Alarm Information


Handling Process

2 ways to solve the problem
1. Shutdown the firewall session check(shutdown is not suggested that will reduce the safe index )
2. Change the route, make PC network point to, add 3 route on 3 layer switch whose next hop is, add a default route point to

Root Cause

The traffic will pass SW path when PC login QQ, fist session reached to firewall who sent route to the 3 layer switch, the second route came from the 3 layer switch is sent to PC, and PC sends the third route to firewall. That is the reason why bring the offline problem.


Notes: Firewall has the session check, but SW not.