TCP Session Stuck and only manual clear of the session id solve the issue

habib-souag — Tue, 28 Jul 2020 11:04:42 GMT

Dear Community,

we are facing a strange behavior with a tcp flow that is meant to mount a volume on a linux server, from time to time, the session get stuck in the firewall causing an error while trying to mount the device, the topology is as follow:

Linux Server <-> Firewall 1 <-> Firewall 2 <-> Script Server

the Script server execute a backup script that mount the volume in the linux Server and start uploading the files, when no session is created in the firewall the script work perfectly but when the issue happen we see at the Firewall two a session stuck and the volume doesn't mount

here is the tcp info:

(active)> show session all filter source 10.X.X.X destination 10.Y.Y.Y

--------------------------------------------------------------------------------

ID Application State Type Flag Src[Sport]/Zone/Proto (translated IP[Port])

Vsys Dst[Dport]/Zone (translated IP[Port])

--------------------------------------------------------------------------------

3146098 undecided ACTIVE FLOW 10.X.X.X[782]/APP/6 (10.X.X.X[782])

vsys1 10.Y.Y.Y[2049]/RULEX (10.Y.Y.Y[2049])

(active)> show session id 3146098

Session 3146098

c2s flow:
source: 10.X.X.X [APP]
dst: 10.Y.Y.Y
proto: 6
sport: 782 dport: 2049
state: ACTIVE type: FLOW
src user: unknown
dst user: unknown

s2c flow:
source: 10.Y.Y.Y [RULEX]
dst: 10.X.X.X
proto: 6
sport: 2049 dport: 782
state: ACTIVE type: FLOW
src user: unknown
dst user: unknown

Slot : 1
DP : 0
index(local): : 3146098
start time : Wed Jun 24 21:03:01 2020
timeout : 120 sec
time to live : 108 sec
total byte count(c2s) : 5613888
total byte count(s2c) : 528
layer7 packet count(c2s) : 71974
layer7 packet count(s2c) : 8
vsys : vsys1
shared gateway : sg2
application : undecided
rule : RULEX
service timeout override(index) : False
application db : 0
app.id : c2s node (0, 0) s2s node (0, 0)
session to be logged at end : True
session in session ager : True
session updated by HA peer : False
layer7 processing : enabled
URL filtering enabled : False
session via syn-cookies : False
session terminated on host : False
session traverses tunnel : False
captive portal session : False
ingress interface : aeX.XXX
egress interface : aeY
session QoS rule : N/A (class 4)
end-reason : unknown

and only a clear of this session id will solve the issue, both firewalls are on version 8.1.12. no session is seen on Firewall 1 when the issue happen.

Thanks for your help

Regards,

Re: TCP Session Stuck and only manual clear of the session id solve the iss

Thyrion — Tue, 28 Jul 2020 12:37:17 GMT

my guess would actually be that firewall1 is the problem, as it has terminated the session, any followup ACK packets will be discarded by it

topic Re: TCP Session Stuck and only manual clear of the session id solve the iss in General Topics

TCP Session Stuck and only manual clear of the session id solve the issue

Re: TCP Session Stuck and only manual clear of the session id solve the iss