Client service is interrupted every 10 minutes because of session table aging

Publication Date: 2012-09-21
Issue Description
The customer uses a USG2100 as the egress to the public network. The customer runs a service they developed themselves, and its server is deployed on the public network. The client can establish a connection from the internal network to the server normally, but the connection is interrupted every 10 minutes, and only restarting the client restores it.
Alarm Information
Handling Process
There are two ways to solve the problem.
(1) Adjust the TCP session aging time. Use the firewall session aging-time tcp command to set the aging time. This extends the aging time of all TCP sessions, so it puts pressure on the number of concurrent connections on the USG. When the number of concurrent connections on the USG is full, it cannot establish new connections.
(2) Use long connections.
The method is as follows:
1. Set the long connection session aging time to 15 hours.
2. Set the ACL that specifies the long connections.
3. Apply the long connection in the interzone.
Enter the system view and paste the following script:
firewall long-link aging-time 15

acl number 3100
description FOR_LONG_LINK
rule 5 permit tcp destination X.X.X.X X.X.X.X
rule 10 permit tcp destination X.X.X.X X.X.X.X
rule 15 permit tcp destination X.X.X.X X.X.X.X
rule 20 permit tcp destination X.X.X.X X.X.X.X
rule 25 permit tcp destination X.X.X.X X.X.X.X

firewall interzone trust untrust
firewall long-link 3100 outbound
Root Cause
Using the display firewall session table command to check the USG session table, we can see that the connection of the client service is based on TCP. The default aging time of a TCP session is 10 minutes. We collected information about the service used by the client and found that the client has no data to send to the server; the client sends data to the server at intervals of about 2 hours. From this we can conclude that when the client connects to the server over TCP, the USG creates a TCP session entry with an aging time of 10 minutes. When the client does not send data within 10 minutes, the USG ages out the TCP session. When the client then sends data and the data arrives at the USG, the USG has no matching session, so it drops the packet. After the client restarts and re-establishes the TCP connection with the server, the client can send data to the server normally.
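
The aging behaviour described above can be reproduced with a small model of a session table. This is an added example, not USG code or part of the original case: the timers come from this page, while the class, the function names and the addresses are constructed, and real TCP state tracking is reduced to "a SYN creates an entry, any packet refreshes it".

```python
import ipaddress

TCP_AGING = 10 * 60            # default TCP session aging time, in seconds
LONG_LINK_AGING = 15 * 3600    # firewall long-link aging-time 15 (hours)


class SessionTable:
    """Toy stateful-firewall session table (hypothetical model)."""

    def __init__(self, long_link_acl=()):
        # Destination networks permitted by the long-link ACL.
        self.acl = [ipaddress.ip_network(n) for n in long_link_acl]
        self.sessions = {}     # flow tuple -> (last_seen, aging_time)

    def _aging_for(self, dst):
        addr = ipaddress.ip_address(dst)
        matched = any(addr in net for net in self.acl)
        return LONG_LINK_AGING if matched else TCP_AGING

    def packet(self, now, flow, syn=False):
        """Return 'forward' or 'drop' for a client-to-server packet at time now."""
        entry = self.sessions.get(flow)
        if entry and now - entry[0] >= entry[1]:
            del self.sessions[flow]        # idle past the aging time: aged out
            entry = None
        if entry is None:
            if not syn:
                return "drop"              # data packet with no matching session
            entry = (now, self._aging_for(flow[2]))   # new connection
        self.sessions[flow] = (now, entry[1])         # traffic resets the idle timer
        return "forward"


def replay(table, idle_seconds):
    """Connect at t=0, send data after idle_seconds, then reconnect."""
    flow = ("192.0.2.10", 40000, "203.0.113.5", 8000)   # constructed addresses
    return [
        table.packet(0, flow, syn=True),
        table.packet(idle_seconds, flow),
        table.packet(idle_seconds + 1, flow, syn=True),  # client restart
    ]


if __name__ == "__main__":
    two_hours = 2 * 3600
    print("default aging :", replay(SessionTable(), two_hours))
    print("with long-link:", replay(SessionTable(["203.0.113.0/24"]), two_hours))
```

With the default timer, the data packet sent after two idle hours is dropped and only the reconnect is forwarded. When the destination matches the long-link ACL, the same packet is forwarded.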