No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Because the session has not be aging lead to new NAT do not become effective.

Publication Date:  2012-10-31 Views:  445 Downloads:  0

Issue Description

The USG5000 configure NAT originally, intranet server C.C.C.C use public network address pool and address is A.A.A.A. After the change the address, reconfigure, the address pool address used by intranet server C.C.C.C change to be B.B.B.B. After the change find TCP service of C.C.C.C is broken.

Alarm Information


Handling Process

When the service is in off-peak hour, use reset firewall session table command, clear the session table. And problem is solved.

Root Cause

(1) Check the configuration, and it is correct.
(2) Use display firewall session to check session table and find C.C.C.C still use A.A.A.A address pool to access to public network session. And this session is C.C.C.C server long-term constant TCP service. So can judge that, because C.C.C.C server continued to send TCP flow, lead to TCP session cannot aging, so even if change configuration, still use the A.A.A.A address pool of session table, leading to service break.