Client application interrupted every 10 minutes because of session table aging

Latest reply: Apr 4, 2016 19:00:15

The customer uses a USG2100 as the egress to the public network. The customer runs a self-developed application whose server is deployed on the public network. The client can establish a connection from the internal network to the server normally, but the connection is interrupted every 10 minutes and only restarting the client restores it.

Alarm Information
None.

Handling Process
There are two ways to solve the problem.
(1) Adjust the TCP session aging time. Use the firewall session aging-time tcp command to set the aging time. This extends the aging time of all TCP sessions, so it puts pressure on the number of concurrent connections of the USG. When the number of concurrent connections on the USG reaches its limit, new connections cannot be established.
(2) Use the long connection (long-link) function.
The method is as follows:
1. Set the long connection session aging time to 15 hours.
2. Configure the ACL that specifies the long connections.
3. Apply the long connection in the interzone.
Enter the system view and paste the following script:
firewall long-link aging-time 15

acl number 3100
description FOR_LONG_LINK
rule 5 permit tcp destination X.X.X.X X.X.X.X
rule 10 permit tcp destination X.X.X.X X.X.X.X
rule 15 permit tcp destination X.X.X.X X.X.X.X
rule 20 permit tcp destination X.X.X.X X.X.X.X
rule 25 permit tcp destination X.X.X.X X.X.X.X
quit

firewall interzone trust untrust
firewall long-link 3100 outbound
quit
Root Cause
Using the display firewall session table command to check the USG session table, we can see that the connection of the client application is based on TCP. The default aging time of a TCP session is 10 minutes. We then collected information on how the client is used and found that most of the time the client has no data to send to the server; it sends data to the server about every 2 hours. From this we can conclude that when the client connects to the server over TCP, the USG creates a TCP session with an aging time of 10 minutes. When the client does not send data within 10 minutes, the USG ages out the TCP session. When the client then sends data and the data arrives at the USG, the USG has no matching session, so it drops the packet. After the client restarts and establishes a new TCP connection with the server, the client can send data to the server normally again.
Suggestions
None.
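
The root cause and fix (2) above can be reproduced with a small model of a session table. This is an added example, not Huawei code or part of the original post: the class, the function names and the sample addresses are hypothetical, and the only values taken from the post are the 10-minute TCP aging time, the 15-hour long-link aging time and the 2-hour idle period.

```python
import ipaddress

TCP_AGING = 600              # default TCP session aging time from the post: 10 minutes
LONG_LINK_AGING = 15 * 3600  # "firewall long-link aging-time 15" (hours)


class SessionTable:
    """Toy stateful firewall: one session per flow, aged out when idle too long."""

    def __init__(self, long_link_dests=()):
        # Stand-in for ACL 3100: destination networks treated as long connections.
        self.long_link = [ipaddress.ip_network(n) for n in long_link_dests]
        self.sessions = {}  # flow tuple -> (last_seen, aging_time)

    def _aging_for(self, dst):
        addr = ipaddress.ip_address(dst)
        return LONG_LINK_AGING if any(addr in n for n in self.long_link) else TCP_AGING

    def packet(self, now, src, dst, dport, syn=False):
        """Return 'forward' or 'drop' for a client-to-server packet at time now (seconds)."""
        flow = (src, dst, dport)
        entry = self.sessions.get(flow)
        if entry and now - entry[0] > entry[1]:
            del self.sessions[flow]  # session aged out while the flow was idle
            entry = None
        if entry is None:
            if not syn:
                return "drop"        # mid-stream data with no matching session
            entry = (now, self._aging_for(dst))
        self.sessions[flow] = (now, entry[1])  # refresh the idle timer
        return "forward"


def replay(table):
    """Constructed timeline: connect, send once, stay idle for 2 hours, then restart."""
    flow = ("10.1.1.10", "203.0.113.20", 9000)  # constructed sample addresses
    return [
        table.packet(0, *flow, syn=True),              # initial handshake
        table.packet(5, *flow),                        # data right after connecting
        table.packet(5 + 2 * 3600, *flow),             # first data after the idle period
        table.packet(10 + 2 * 3600, *flow, syn=True),  # client restart: new handshake
    ]


if __name__ == "__main__":
    print("default aging:", replay(SessionTable()))
    print("long-link ACL:", replay(SessionTable(["203.0.113.0/24"])))
```

Only destinations matched by the long-link list keep their sessions for 15 hours; every other flow still ages out after 10 minutes, so the session table does not grow the way it would under fix (1).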