Country/Region

F1000 drop the FIN/ACK outbound packet

2024-12-20 17:19:23 Published
  • 0 Followed
  • 0Collected ,2288Browsed
JunhaoJi

Network Topology

null

Problem Description

Customer found that the server did not receive the FIN/ACK message sent by the client, so each HTTP session will timeout after 5 minutes and cannot be closed immediately, consuming a lot of server resources

Process Analysis

After capturing the packet, it was found that the terminal only sent the third wave message 2 minutes after sending the second wave, causing the FIN timer on the firewall to time out and block subsequent messages.

Solution

Modify the fin timeout of the firewall. But not recommended because it will consume a lot of firewall resources.

Recommend letting the customer to investigate the reasons for the server side's fin interval exceeding two minutes

 

session aging-time fin 120

Please rate this case:   
0 Comments

No Comments

Add Comments:

Copyright© 2025 H3C reserves all rights to the current version NO.1

The copyright of this icon belongs to H3C. It is only for the use of this community. Do not use it for commercial purposes. Anyone who violates this icon will be prosecuted