Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Connection closed on logs, but still receiving traffic from the IP on the FW

SOLVED
Go to solution
Maarouf
New Contributor
‎04-12-2020 07:34:AM
‎04-12-2020 07:34:AM

Connection closed on logs, but still receiving traffic from the IP on the FW

Hello All,

 

Does message NWC30993 which is "Closed connection to x.x.x.x after 734 seconds, with 2783959 bytes read and 3070219 bytes written" really means that the connection is closed ?

 

As I can see in some cases the same IP with the closed session still sending traffic on the FW for more than 10 mins after this log and no any logs for new session on the pulse secure about it.

I even doubled checked that no other user is using the same ip.

 

And in another situation I was filtering on my user account on pulse secure logs and I found the below logs, after I closed the connection at 17:01 I can see another log session timed out after about 35 mins, So how come the session timed out after it has been closed ?

 

 

InfoAUT228862020-04-09 17:36:34 - xxx- Session timed out for xx(session:00000000) due to inactivity (last access at 17:01:03 2020/04/09). Idle session identified during routine system scan.
InfoNWC309932020-04-09 17:01:03 - xxx- Closed connection to x.x.x.x after 644 seconds, with 289925 bytes read and 1309713 bytes written
0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
r@yElr3y
Moderator
Moderator
‎04-13-2020 06:42:PM
‎04-13-2020 06:42:PM

Re: Connection closed on logs, but still receiving traffic from the IP on the FW

@Maarouf That's a good question. Normally, VPN server is capable of having two type of sessions i.e. a plain user session (one you will see after successful authentication) and a tunnel session (after assigning tunnel IP address). Tricky thing is that the Pulse Client is capable of different disconnect messages at different situations,

 

Disconnect with logoff i.e. complete tear down - Which tells the VPN server to close both user session and tunnel session.

 

Disconnect without logoff i.e. partial tear down -  Which tells the VPN server to keep the user session but close the tunnel session i.e. remove the IP address assignment but keep the session active. This behavior would be seen if the Pulse Client disconnects the session based on predefined conditions like Location awareness rules.

 

In your case, session timeout was happened for the user session but the actual tunnel session was closed prior to that. Hope this clarifies your query.

 

Thank you,

Ray.

PCS Expert
Pulse Connect Secure Certified Expert

View solution in original post

2 REPLIES 2
r@yElr3y
Moderator
Moderator
‎04-13-2020 06:42:PM
‎04-13-2020 06:42:PM

Re: Connection closed on logs, but still receiving traffic from the IP on the FW

@Maarouf That's a good question. Normally, VPN server is capable of having two type of sessions i.e. a plain user session (one you will see after successful authentication) and a tunnel session (after assigning tunnel IP address). Tricky thing is that the Pulse Client is capable of different disconnect messages at different situations,

 

Disconnect with logoff i.e. complete tear down - Which tells the VPN server to close both user session and tunnel session.

 

Disconnect without logoff i.e. partial tear down -  Which tells the VPN server to keep the user session but close the tunnel session i.e. remove the IP address assignment but keep the session active. This behavior would be seen if the Pulse Client disconnects the session based on predefined conditions like Location awareness rules.

 

In your case, session timeout was happened for the user session but the actual tunnel session was closed prior to that. Hope this clarifies your query.

 

Thank you,

Ray.

PCS Expert
Pulse Connect Secure Certified Expert

View solution in original post

Maarouf
New Contributor
‎04-15-2020 12:36:AM
‎04-15-2020 12:36:AM

Re: Connection closed on logs, but still receiving traffic from the IP on the FW

Thanks Ray for your explaination, Now it's clear for me.

 

 

© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.