No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Eudemon 1000 undo state inspection, it leads parts data use pristine address pool to map after changing nat address pool

Publication Date:  2012-10-15 Views:  103 Downloads:  0

Issue Description

Eudemon 1000 accesses public network by configuring nat transition, we configure state inspection which is aimed at the service of qq、msn、http in the area. We need change nat address pool address without day for the network security, after finding modifying the address pool address, we view the session of firewall after the command of reset firewall session table , there are some parts session use the pristine address pool to map.

Alarm Information


Handling Process

1、 view the configuration of firewall ,there is no problem, nat address has been changed normally.
2、 We can find some parts session use the pristine address to map based on the special source address.
3、 Use reset firewall session table id to clean up session based on the special id of session,then view the session, we can find the corresponding session has been cleaned up. It can remove the reason of failing to clean up the session.
4、 View the session which is wrong address mapping is the session of QQ, and we can find it configures detect QQ/http/msn state inspection function in the area by viewing configuration, thereout we doubt it is led by state inspection.
5、 State inspection is based on the servermap list to create session, view the servermap list of firewall we can find there are some parts address which is connected QQ is corresponding the pristine address.
6、 View the session based on the this address,we can find it uses the pristine address to map.
Thereout we can ensure the reason is that part servermap list isn’t aging and leads the service of QQ which has undoed state inspection sending the session list which is the pristine address. And the servermap list default aging time is 1 minute, it cannot be cleaned up by itself ,the later message continue matching refreshing aging time,it leads the list cannot be aging,the traffic session which has undoed state inspection has been created based on the servermap list. In summary it creates the situation of part traffic nat address not being synchronize upgrading.

Root Cause

1、 the command of reset firewall session table doesn’t clean up the corresponding session
2、 the service has particularity


Because the servermap list cannot be cleaned up by itself, we suggust to change the nat address pool,it need choose the low service time to avoid creating the situation of parts session list cannot be synchronize upgrading