Configuring a Persistent Connection
On actual networks, sessions of data flows in certain services require long aging time. Configuring the persistent connection function guarantees the normal running of such services.
Context
Generally, the default aging time on the device can meet the forwarding requirements. You can also fine-tune the aging time as needed. However, for some services, the idle time between two packets can be very long. For example:
- When a user downloads large files using FTP, the idle time between control packets along the control channel can be very long.
- A user may query a database server now and then, and the time between query operations may be greater than the aging time of the TCP session.
To remedy this, you can set the aging time to a larger value. However, the aging time applies to all protocol sessions, resulting in performance degradation.
Therefore, the aging time setting must be more precise. The persistent connection function allows you to set the session aging time for specific flows. However, the FW supports persistent connection only for TCP.
- When stateful inspection is disabled, the device also creates session entries for non-first packets. In this case, you do not need to enable the persistent connection function.
The aging time specified through the persistent connection function is not affected by the global aging time of the session table.
The maximum number of persistent connection sessions is 1/3 of the session specification.
Procedure
- Access the system view.
- Access the security policy view.
- Create a security policy rule and access the security policy rule view.
rule name rule-name
- Enable the persistent connection function.
- Specify the aging time of each persistent connection.
long-link aging-time interval
For persistent connection configurations on the web UI, see Adjusting the Session Aging Time of Security Policies.