No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


How to understand Long link on firewall

Publication Date:  2013-09-26 Views:  244 Downloads:  0

Issue Description


Alarm Information


Handling Process


Root Cause



To protect the network, the default aging time for various sessions on the device is relatively short, that is, only several minutes. When the interval for two subsequent packets of a TCP session reaching the device is longer than the aging time of the session, the device deletes the corresponding session information from the session table. When the following packets reach the device, it discards these packets according to the transmission mechanism, which leads to the disconnection.

In certain actual applications, the interval for two subsequent packets of a TCP session may be long. For example:

When a user downloads large files through FTP, it takes a long interval to send control packets along the control channel.
When a user needs to query the data on the database server, the interval for the query is far longer than the aging time of the TCP session.
To solve the problems of the services such as the FTP service, NMS service, TUXEDO service, and database service, the Eudemon supports configuring the long link function in the security interzone to set super aging time for certain data flows, thus ensuring that the session entries of these applications are not deleted. In this case, when the packets of these sessions reach the device after a long time, these packets can still pass the device and applications are uninterrupted.