
USG5530: AV function does not take effect because a persistent connection (long-link) is configured

Publication Date:  2019-07-18 Views:  117 Downloads:  0

Issue Description

The customer reported that the configured AV function did not take effect: following the test method in the manual, blocking a virus file transferred over FTP was unsuccessful.

Alarm Information


Handling Process

It was found that the IKE and IPsec parameters matched, but negotiation still would not come up.
First, the PC's antivirus software was turned off for the FTP upload test; the upload was still not blocked.
The AV configuration was checked:

av policy anti-virus1
http scan-mode intelliscan
http accelerate-transfer enable
ftp scan-mode intelliscan
ftp action block
ftp accelerate-transfer enable
smtp scan-mode intelliscan
pop3 scan-mode intelliscan
policy interzone trust untrust inbound
policy 0
  action permit
  policy logging
  policy destination address-set sever111
  policy destination address-set sever109
  policy destination address-set sever112
  policy av anti-virus1
  http-access log enable
policy interzone trust untrust outbound 
policy 0
  action permit
  policy logging
  policy av anti-virus1
  http-access log enable

The configuration is correct: AV detection is configured in both directions.
Viewing the specific session showed a very long aging time. Checking the configuration again revealed that a persistent connection (long-link) had been configured on the device:
acl number 3000
  description for long_link
  rule 100 permit ip
firewall interzone trust untrust
  long-link 3000 inbound
After the AV policy is applied, the device only checks new HTTP and new FTP connections for viruses. Because the persistent connection was established before the AV policy was applied, it never matches the AV policy.
FTP was removed from the persistent-connection ACL and the existing session was deleted; on re-upload the AV block succeeded, and the problem was solved.

Root Cause

It was suspected that the uploaded files were being removed by the PC's antivirus software, or that there was a configuration problem.


After the AV policy is applied, the USG checks new HTTP and new FTP connections for viruses; it does not check connections that were already established before the policy was applied.
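The overlap described in the handling process and root cause (a long-link ACL with a broad permit rule keeping FTP sessions alive in the same interzone direction where an AV policy applies) can be caught before deployment with a configuration check. The following is an added example written for this article, not Huawei's code: it parses a condensed, constructed copy of the configuration shown above, assumes the simplified `acl number` / `rule` / `long-link` / `policy interzone` line syntax used on this page (the `destination-port eq` form of a TCP rule is an assumption), and reports every interzone direction where a long-link ACL covering FTP coexists with an AV policy.

```python
import re

# Constructed sample, condensed from the configuration shown in this case.
CASE_CONFIG = """\
acl number 3000
 rule 100 permit ip
firewall interzone trust untrust
 long-link 3000 inbound
policy interzone trust untrust inbound
 policy 0
  action permit
  policy av anti-virus1
"""
FTP_PORT = 21

def rule_covers_ftp(rule):
    """True when an ACL permit rule would also match FTP control traffic (TCP/21)."""
    m = re.match(r"rule \d+ permit (ip|tcp)\b(.*)", rule)
    if not m:
        return False                     # deny rules and other protocols cannot carry FTP
    if m.group(1) == "ip":
        return True                      # 'permit ip' matches every flow, FTP included
    port = re.search(r"destination-port eq (\d+)", m.group(2))
    return port is None or int(port.group(1)) == FTP_PORT   # any TCP port, or explicitly 21

def parse_config(cfg):
    """Collect ACL rules, long-link bindings and the interzone directions carrying an AV policy."""
    acls, long_links, av_dirs, ctx = {}, [], set(), None
    for line in cfg.splitlines():
        s = line.strip()
        if m := re.match(r"acl number (\d+)$", s):
            ctx = ("acl", int(m.group(1))); acls[ctx[1]] = []
        elif m := re.match(r"firewall interzone (\S+) (\S+)$", s):
            ctx = ("fw", m.group(1), m.group(2))
        elif m := re.match(r"policy interzone (\S+) (\S+) (inbound|outbound)$", s):
            ctx = ("pol", m.group(1), m.group(2), m.group(3))
        elif ctx and ctx[0] == "acl" and s.startswith("rule "):
            acls[ctx[1]].append(s)
        elif ctx and ctx[0] == "fw" and (m := re.match(r"long-link (\d+) (inbound|outbound)$", s)):
            long_links.append((ctx[1], ctx[2], int(m.group(1)), m.group(2)))
        elif ctx and ctx[0] == "pol" and s.startswith("policy av "):
            av_dirs.add(ctx[1:])
    return acls, long_links, av_dirs

def find_av_bypass(cfg):
    """List (zone1, zone2, direction, acl) where a long-link ACL that covers FTP overlaps an AV policy."""
    acls, long_links, av_dirs = parse_config(cfg)
    return [(z1, z2, d, acl) for z1, z2, acl, d in long_links
            if (z1, z2, d) in av_dirs and any(rule_covers_ftp(r) for r in acls.get(acl, []))]
```

Narrowing `rule 100 permit ip` to the specific long-lived service the ACL was meant for (so that FTP no longer matches) clears the finding, which is the same fix the handling process applied.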