End users can access the SQL database normally at first, but later access becomes very slow, or the application program even shows an error prompt.
1. Configure an ACL to match the target packets. Here we assume the source IP is 10.1.1.1/32.
acl number 3000
rule 0 permit tcp destination-port eq sqlnet
rule 5 permit ip source 10.1.1.1 0
2. Enable the long-link function in the interzone.
firewall interzone trust untrust
firewall long-link 3000 outbound
Notes: 1. The long-link function has some impact on USG performance, so please do not configure it excessively.
2. The default aging time for long-link is 168 hours.
By capturing and analyzing the packets on the USG5300, we found that the interval between packets sent by the application program on the client side was more than 600 seconds. Meanwhile, the aging time configured for SQL sessions on the USG5300 is 600 seconds. That is to say, after the firewall creates the SQL session, if no further SQL packets match this session, the session expires after 600 seconds. If the customer then sends packets again, the device has to set up the same session again, which causes a long delay and degrades the user experience. Moreover, if the application program is sensitive to timing, it reports an error. In this situation, we need to configure the long-link function to make sure the SQL session does not age out for a long period of time.
If SQL session aging causes the service to go down or makes access to the server slow, please refer to this case and configure the long-link function.
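The capture analysis described above can be reproduced offline. The following Python sketch is an added example, not part of the original case or any Huawei tool: it groups packets into bidirectional flows and reports idle gaps longer than the 600-second aging time. The packet records, the server address 10.2.2.2 and the use of port 1521 for SQL*Net are constructed assumptions.

```python
from collections import defaultdict

AGING_SECONDS = 600  # SQL session aging time stated in this case

# Constructed sample records: (seconds, src ip, src port, dst ip, dst port).
# Assumptions: 10.2.2.2 is a made-up server, 1521 is taken as the SQL*Net port.
SAMPLE_PACKETS = [
    (0.0,   "10.1.1.1", 40001, "10.2.2.2", 1521),
    (0.2,   "10.2.2.2", 1521,  "10.1.1.1", 40001),
    (120.0, "10.1.1.1", 40001, "10.2.2.2", 1521),
    (845.5, "10.1.1.1", 40001, "10.2.2.2", 1521),  # 725.5 s idle: aged out
    (846.0, "10.2.2.2", 1521,  "10.1.1.1", 40001),
    (10.0,  "10.1.1.1", 40002, "10.2.2.2", 1521),
    (400.0, "10.1.1.1", 40002, "10.2.2.2", 1521),
    (900.0, "10.1.1.1", 40002, "10.2.2.2", 1521),  # 500 s idle: still alive
]


def flow_key(src, sport, dst, dport):
    """Direction-independent key: either direction refreshes the same session."""
    return tuple(sorted([(src, sport), (dst, dport)]))


def find_aged_out_gaps(packets, aging=AGING_SECONDS):
    """Return {flow: [(last_seen, next_seen, gap)]} for idle gaps above aging."""
    last_seen = {}
    gaps = defaultdict(list)
    for ts, src, sport, dst, dport in sorted(packets):
        key = flow_key(src, sport, dst, dport)
        prev = last_seen.get(key)
        # A gap above the aging time means the firewall session had expired
        # before this packet arrived, so a new session had to be created.
        if prev is not None and ts - prev > aging:
            gaps[key].append((prev, ts, round(ts - prev, 3)))
        last_seen[key] = ts
    return dict(gaps)


if __name__ == "__main__":
    for flow, idle in find_aged_out_gaps(SAMPLE_PACKETS).items():
        for prev, nxt, gap in idle:
            print(f"{flow}: idle {gap}s between t={prev} and t={nxt}, "
                  f"longer than the {AGING_SECONDS}s aging time")
```

Flows that appear in the result are the candidates for the long-link ACL; flows that never idle past the aging time do not need it.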