Publication Date: 2019-07-10 | Author: yWX511500 | Document ID: EKB1000968797
The topology is as shown below:
The customer installed a USG6630 as the border firewall. It is configured with NAT Server and has two ISP links.
Internet users connect to the DMZ server through the ISP links, and the connection needs to stay up at all times. However, the session is often disconnected suddenly, and the customer then has to reconnect.
If the customer connects to the server without going through the firewall, for example from the test PC shown in the topology, the session is not disconnected.
1. We checked the routing table on the USG6630; it is OK.
2. We checked the NAT Server and security policy configuration; there is no problem.
We then used the command "display firewall session table" to check the session; it is established normally.
The firewall session table shows that this is a TCP connection session, and the aging time of a TCP connection session is 1200s.
If there is no traffic for 1200s, the session is deleted from the USG6630.
So if the customer needs the session to stay connected, the session aging time must be extended.
We then configured long-link on the security policy, with the commands below:
rule name rule-name
 long-link aging-time interval
#
The customer had not enabled the long-link function on the security policy, so the session was sometimes disconnected.
The persistent connection function allows you to set the session aging time for specific flows. If some services need a longer aging time, configure long-link for them.
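The aging behavior described in this case can be reproduced with a small model. This is an added example, not Huawei code: the addresses, timestamps and the 7200-second override are constructed, the model works in seconds regardless of the unit the device uses for the long-link interval, and it assumes that a mid-stream TCP packet with no matching session is dropped.

```python
from dataclasses import dataclass

DEFAULT_TCP_AGING_S = 1200  # TCP session aging time stated in the case, in seconds


@dataclass
class Session:
    last_seen: float  # time of the last packet that matched this session


class SessionTable:
    """Toy model of a stateful firewall session table."""

    def __init__(self, long_link_aging_s=None):
        # long_link_aging_s models a per-rule long-link aging time (hypothetical name)
        self.aging_s = long_link_aging_s or DEFAULT_TCP_AGING_S
        self.sessions = {}

    def _expire(self, now):
        # Delete every session that has been idle for the aging time or longer
        idle = [k for k, s in self.sessions.items() if now - s.last_seen >= self.aging_s]
        for key in idle:
            del self.sessions[key]

    def packet(self, now, flow, syn=False):
        """Return True if the packet is forwarded, False if it is dropped."""
        self._expire(now)
        session = self.sessions.get(flow)
        if session is None:
            if not syn:
                return False  # assumption: no session and not a SYN, so dropped
            self.sessions[flow] = Session(last_seen=now)
            return True
        session.last_seen = now  # traffic refreshes the aging timer
        return True


def replay(events, long_link_aging_s=None):
    """Feed (time, flow, is_syn) events through a fresh table; list the verdicts."""
    table = SessionTable(long_link_aging_s)
    return [table.packet(t, flow, syn) for t, flow, syn in events]


# Constructed sample: connection opened at t=0, data at t=600, then 1300s of silence
FLOW = ("198.51.100.7", 50000, "203.0.113.10", 22)
EVENTS = [(0, FLOW, True), (600, FLOW, False), (1900, FLOW, False)]

if __name__ == "__main__":
    print("default aging:", replay(EVENTS))
    print("long-link    :", replay(EVENTS, long_link_aging_s=7200))
```

With the default aging time the packet after the idle gap finds no session and is dropped, which the user sees as a sudden disconnect; with the longer aging time the same packet is forwarded.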