After cutting the service over to a USG5000 firewall, Foxmail can no longer send or receive mail, while other mail clients work normally.
Networking is as follows:
1. After cutting the service over to the USG5000, checked the firewall and found 348 SMTP sessions, all with traffic in both directions, so sending mail should have been possible.
2. Captured packets on-site and analyzed them: the TCP three-way handshake completes, but the later messages do not get through. At first the client was suspected of not sending the mail message response, but when the firewall was bypassed, Foxmail could send and receive mail normally.
3. Compared with the capture taken before the cutover, the test with Foxmail and no firewall showed that the server needs more than 30 s to reply after the TCP three-way handshake. Rechecking the USG5000 configuration showed that firewall state inspection was disabled, and that at that point the aging time of every session table entry had become 30 s.
4. Changed the SMTP aging time to 1200 s and tested on-site; the service was normal. Then re-enabled the firewall state-inspection function, after which the SMTP aging time returned to its default of 1200 s and the service remained normal.
The state-inspection function had been disabled on the USG5000 firewall, which caused the aging time of all sessions to become 30 seconds. The packet capture showed that when the user sends mail with Foxmail, the server needs more than 30 s to reply after the TCP three-way handshake. Because state inspection was off and the session aging time was 30 s, the session table entry aged out before the reply arrived, so the later reply packets could not pass the firewall.
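The failure mode above can be reproduced with a small session-table model. The following is an added example, not part of the original case or Huawei code: a constructed packet trace (client SYN, handshake, then the server's 220 greeting arriving 35 s later, matching the ">30 s" delay seen in the capture) is replayed against an aging timeout of 30 s and of 1200 s, and the server's reply is dropped only in the first case.

```python
from dataclasses import dataclass

# Constructed trace: (timestamp in seconds, direction, description).
# The server greeting is assumed to arrive ~35 s after the handshake.
TRACE = [
    (0.0, "c2s", "SYN"),
    (0.1, "s2c", "SYN-ACK"),
    (0.2, "c2s", "ACK"),
    (35.0, "s2c", "220 greeting"),
    (35.1, "c2s", "EHLO"),
]


@dataclass
class Session:
    last_seen: float  # time the session table entry was last refreshed


def filter_trace(trace, aging_time):
    """Replay a trace through a minimal stateful-firewall session table.

    A session is created by the client's first packet (outbound policy
    permits it) and refreshed by every packet that matches it. A packet
    arriving more than `aging_time` seconds after the last refresh finds
    no entry: a server-to-client packet is dropped, while a client-to-
    server packet simply creates a fresh session.
    """
    session = None
    verdicts = []
    for ts, direction, desc in trace:
        if session is not None and ts - session.last_seen > aging_time:
            session = None  # entry aged out of the session table
        if session is None:
            if direction == "c2s":
                session = Session(last_seen=ts)
                verdicts.append((ts, desc, "pass (new session)"))
            else:
                verdicts.append((ts, desc, "drop (no session)"))
            continue
        session.last_seen = ts
        verdicts.append((ts, desc, "pass"))
    return verdicts


def dropped_packets(trace, aging_time):
    """Return the descriptions of packets the model would drop."""
    return [d for _, d, v in filter_trace(trace, aging_time) if v.startswith("drop")]


if __name__ == "__main__":
    for aging in (30, 1200):
        print(f"aging {aging:5d} s -> dropped: {dropped_packets(TRACE, aging)}")
```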
Disabling the firewall state-inspection function is generally not recommended.
undo firewall session link-state check