
Customer cannot access the SQL database normally because no long link was configured on the USG5300

Publication Date: 2013-12-12

Issue Description

End users can access the SQL database normally at first, but later access becomes very slow, or the application program even shows an error prompt.

Alarm Information


Handling Process

1. Configure an ACL to match the target packets. Here we assume the source IP is /32.
    acl number 3000
    rule 0 permit tcp destination-port eq sqlnet
    rule 5 permit ip source 0
2. Enable the long-link function in the interzone.
    firewall interzone trust untrust
    firewall long-link 3000 outbound

Notes: 1. The long-link function has some impact on USG performance, so please do not configure too many long links.
       2. The default aging time for a long link is 168 hours.

Root Cause

By capturing and analyzing packets on the USG5300, we found that the interval between application packets sent from the client side exceeded 600 seconds. The aging time of the SQL session configured on the USG5300 is 600 seconds; that is, after the firewall creates the SQL session, the session expires in 600 seconds if no further SQL packets match it. If the customer sends packets again, the device initiates the same session again, which causes a long delay and degrades the user experience. Moreover, if the application program is time-sensitive, it reports an error. In this situation, the long-link function must be configured so that the SQL session does not age out for a long period.
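The capture analysis described above can be reproduced offline. The following is an added example, not part of the original case or any Huawei tool: it takes per-packet timestamps, counts how often each connection would age out at 600 seconds, and lists the connections that are candidates for the long-link ACL. The packet records, addresses and the use of port 1521 for the sqlnet keyword are constructed assumptions.

```python
from collections import defaultdict

SESSION_AGING = 600            # seconds: SQL session aging time given on the page
LONG_LINK_AGING = 168 * 3600   # seconds: default long-link aging time given on the page

# Constructed sample: (time in seconds, client, server, server port) for each
# packet seen on a connection, in either direction. Addresses are documentation
# ranges; port 1521 is assumed to be what the "sqlnet" keyword matches.
PACKETS = [
    (0,    "192.0.2.10", "198.51.100.5", 1521),
    (200,  "192.0.2.10", "198.51.100.5", 1521),
    (1100, "192.0.2.10", "198.51.100.5", 1521),   # 900 s idle
    (1150, "192.0.2.10", "198.51.100.5", 1521),
    (5000, "192.0.2.10", "198.51.100.5", 1521),   # 3850 s idle
    (10,   "192.0.2.20", "198.51.100.5", 1521),
    (400,  "192.0.2.20", "198.51.100.5", 1521),
    (900,  "192.0.2.20", "198.51.100.5", 1521),   # never idle longer than 600 s
]

def idle_gaps(packets):
    """Map each connection to the idle gaps between its consecutive packets."""
    times = defaultdict(list)
    for ts, client, server, port in packets:
        times[(client, server, port)].append(ts)
    gaps = {}
    for flow, stamps in times.items():
        stamps.sort()
        gaps[flow] = [later - earlier for earlier, later in zip(stamps, stamps[1:])]
    return gaps

def session_expiries(packets, aging):
    """Count, per connection, how often the session aged out between packets."""
    return {flow: sum(1 for gap in gaps if gap > aging)
            for flow, gaps in idle_gaps(packets).items()}

def long_link_candidates(packets, aging=SESSION_AGING):
    """Connections whose idle time exceeds the normal session aging time."""
    expiries = session_expiries(packets, aging)
    return sorted(flow for flow, count in expiries.items() if count)

if __name__ == "__main__":
    for flow, count in session_expiries(PACKETS, SESSION_AGING).items():
        print(flow, "expiries at 600 s:", count, "max idle:", max(idle_gaps(PACKETS)[flow]))
    print("long-link candidates:", long_link_candidates(PACKETS))
```

Restricting the ACL to the connections this reports keeps the number of long-lived sessions small, in line with the performance note in the handling process.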


If SQL session aging causes the service to go down or makes access to the server slow, please refer to this case and configure the long-link function.