07-28-2020 04:04 AM
Dear Community,
We are facing strange behavior with a TCP flow that is meant to mount a volume on a Linux server. From time to time, the session gets stuck in the firewall, causing an error while trying to mount the device. The topology is as follows:
Linux Server <-> Firewall 1 <-> Firewall 2 <-> Script Server
The Script Server executes a backup script that mounts the volume on the Linux Server and starts uploading the files. When no session is created in the firewall, the script works perfectly, but when the issue happens we see a stuck session on Firewall 2 and the volume doesn't mount.
Here is the TCP info:
(active)> show session all filter source 10.X.X.X destination 10.Y.Y.Y
--------------------------------------------------------------------------------
ID Application State Type Flag Src[Sport]/Zone/Proto (translated IP[Port])
Vsys Dst[Dport]/Zone (translated IP[Port])
--------------------------------------------------------------------------------
3146098 undecided ACTIVE FLOW 10.X.X.X[782]/APP/6 (10.X.X.X[782])
vsys1 10.Y.Y.Y[2049]/RULEX (10.Y.Y.Y[2049])
(active)> show session id 3146098
Session 3146098
c2s flow:
source: 10.X.X.X [APP]
dst: 10.Y.Y.Y
proto: 6
sport: 782 dport: 2049
state: ACTIVE type: FLOW
src user: unknown
dst user: unknown
s2c flow:
source: 10.Y.Y.Y [RULEX]
dst: 10.X.X.X
proto: 6
sport: 2049 dport: 782
state: ACTIVE type: FLOW
src user: unknown
dst user: unknown
Slot : 1
DP : 0
index(local): : 3146098
start time : Wed Jun 24 21:03:01 2020
timeout : 120 sec
time to live : 108 sec
total byte count(c2s) : 5613888
total byte count(s2c) : 528
layer7 packet count(c2s) : 71974
layer7 packet count(s2c) : 8
vsys : vsys1
shared gateway : sg2
application : undecided
rule : RULEX
service timeout override(index) : False
application db : 0
app.id : c2s node (0, 0) s2s node (0, 0)
session to be logged at end : True
session in session ager : True
session updated by HA peer : False
layer7 processing : enabled
URL filtering enabled : False
session via syn-cookies : False
session terminated on host : False
session traverses tunnel : False
captive portal session : False
ingress interface : aeX.XXX
egress interface : aeY
session QoS rule : N/A (class 4)
end-reason : unknown
Only a clear of this session ID will solve the issue. Both firewalls are on version 8.1.12. No session is seen on Firewall 1 when the issue happens.
Thanks for your help
Regards,