No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.

Knowledge Base

Is the aging time of session same with the persistent connection when the firewall configures persistent connection?

Publication Date:  2012-09-14  |   Views:  975  |   Downloads:  0  |   Author:  c00222574  |   Document ID:  EKB1000014765


Issue Description

When the firewall configures long-link, it is found that some eligible TCP session had long-link mark, but the aging time is not the persistent connection aging time configured by firewall. 

Alarm Information


Handling Process


Root Cause

When the firewall configures long-link, for eligible TCP packets that accord with long-link, the firewall will make the long-link mark when it receives the first TCP packet. The aging time is the one of SYN packets. Firewall will configure the session table aging time as long-link aging time after the TCP completed the 3 times handshake. Firewall will configure the TCP session aging time as fin-rst aging time after the TCP 4 times handshake close connection completely(i.e. the firewall receives the second FIN-ACK packets) or received the RST packets. And the long-link mark is not taken off.