Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  Inactive client "falling asleep forever"

    Posted 04-15-2013 00:23

    application client "SCALA" is in vlan. On the server side "SCALA" there is SSG320 (gateway). On the client side there is SSG5 (router). Inactive client "falling asleep forever" through 5-10 minutes. The problem disappears if with the PC client run to the server ping -t. What settings should be done on the SSG for that would do without the ping-t?



  • 2.  RE: Inactive client "falling asleep forever"

    Posted 04-15-2013 01:33

    Hi,


    What protocol is used by Scala?

    This looks like more a connection timeout on the local client/server rather than the firewall.

    The firewall will create a session for Scala application and if it works on TCP a session with 30 mins timeout will be created.

     

    Regards.

    Hardeep



  • 3.  RE: Inactive client "falling asleep forever"

    Posted 04-15-2013 05:37

    Clients that do not work through SSG, not have this problem.



  • 4.  RE: Inactive client "falling asleep forever"

    Posted 04-15-2013 09:40

    Ok, can you check what session is created on the firewall between the client and server

     

    get session src-ip client-ip dst-ip server-ip

    get session src-ip server-ip dst-ip client-ip

     

    Check if this is a UDP session as it will timeout after one minute of inactivity.

     

    When the client is inactive, check the output again and see if the same session is still in the sesison table.

     



  • 5.  RE: Inactive client "falling asleep forever"

    Posted 04-17-2013 00:05

    in the session displayed protocol number 6, time 180 tick. still can not understand what session makes a client  inactive.

    If you have suggestions, please email.



  • 6.  RE: Inactive client "falling asleep forever"

    Posted 04-17-2013 07:05

    Hi,

     

    Is it possible that there is another keepalive session between client and server and may be that is failing to establish and hence leads to inactivity.

    You can try the debug option to check if traffic fails on the FW.

     

    Thanks.

    Hardeep



  • 7.  RE: Inactive client "falling asleep forever"

    Posted 04-17-2013 22:23

    My assumption of the error. Client "Scala" creates 17 sessions. User works with any one module "Scala". Working with one module uses 15 sessions. After 30 minutes, 2 sessions are inactive. These two sessions needed for transition to another module. If the user wants to switch to another module, then an error occurs.



  • 8.  RE: Inactive client "falling asleep forever"

    Posted 04-17-2013 23:07

    Hi,

     

    It is possible that because no traffic flow over the sessions, it times out after 30 minutes.
    You can look at the session output and check the time value for each session.
    When a session receives traffic it will refresh its timeout to 180.
    Inactive sessions will see a decreasing value for the 'time' field.
    If you have a requirement that the sessions should not timeout even after 30 minutes, you can create custom TCP service with higher idle timeout value.

     

    Thanks.
    Hardeep



  • 9.  RE: Inactive client "falling asleep forever"
    Best Answer

    Posted 04-19-2013 06:30

    I did something like that. Need some time for that to know what will happen with the client. 'll let you know.

    Thanks



  • 10.  RE: Inactive client "falling asleep forever"

    Posted 06-17-2013 04:45

    Hi, it seems that we are on the right track.