Problem description:
In the extranet access scenario, terminals log in to eSpace through the extranet. The eSpace client goes offline after about 4 minutes.
Processing procedure:
The fault symptom is regular: 4 minutes after login, the eSpace status of a client that logged in through the external network changes to offline. The problem does not occur with intranet login.
Based on this comparison, it is suspected that the extranet client's session is being terminated periodically.
According to the client's requirements, the default registration period is 300s, while the client goes offline after 4 minutes, that is, 240s. This indicates that the session is cut before the client's registration period elapses. The aging time on the extranet firewall must be greater than the registration update time of the terminal. The customer was advised to check the UDP session aging time on the egress firewall, and it was found to be 240s. This indicates that the client is disconnected because the firewall removes the client session, based on the session aging time, before the registration is updated.
It is recommended that the aging time of UDP sessions on the firewall be changed to a value greater than 300s. The aging time was changed to 600s to avoid centralized registration updates.
Testing confirmed that the problem was solved.
Root cause:
The UDP session aging time on the firewall is shorter than the client's registration update interval.
Solution:
It is recommended that the customer change the aging time of UDP sessions to a value greater than 300s. To avoid centralized registration updates, change the aging time to 600s.
Suggestions and Summary:
The aging time configured on the extranet firewall must be longer than the registration update time of the terminal.
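The timing relationship behind this case can be checked with a small model. This is an added example, not eSpace or firewall vendor code; the function names and the simplified model (the registration refresh is the client's only traffic, and an aging time equal to the refresh interval is treated as unsafe) are assumptions.

```python
# Added illustration (not eSpace or firewall vendor code); names are hypothetical.
# Models one UDP session on a stateful firewall: the entry is removed once it
# has been idle for aging_s seconds. Assumption: the client's only traffic is
# a registration refresh every refresh_s seconds.

def first_drop_time(aging_s, refresh_s, horizon_s=3600):
    """Return the second at which the session ages out, or None if it survives."""
    last_seen = 0              # initial registration at t=0 creates the session
    t = refresh_s              # time of the next refresh
    while t <= horizon_s:
        # Equal values count as unsafe: the aging time must be greater
        # than the registration update time.
        if t - last_seen >= aging_s:
            return last_seen + aging_s
        last_seen = t          # refresh passes the firewall, idle timer resets
        t += refresh_s
    return None


def audit(aging_candidates, refresh_s):
    """Map each candidate aging time to (drop_time, verdict)."""
    report = {}
    for aging_s in aging_candidates:
        drop = first_drop_time(aging_s, refresh_s)
        verdict = "OK" if drop is None else "session cut before refresh"
        report[aging_s] = (drop, verdict)
    return report


if __name__ == "__main__":
    # 240s (value found) and 600s (value applied) come from the case;
    # 300s is a constructed boundary case.
    for aging_s, (drop, verdict) in audit([240, 300, 600], refresh_s=300).items():
        print(f"aging={aging_s}s refresh=300s -> drop at {drop}: {verdict}")
```

With the 240s aging time the model drops the session at 240s, matching the 4-minute offline symptom; with 600s the session survives every refresh.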