Skip to main content
Waters Employee Login
 
Waters

Cisco router firewall timeout policy causes connection failures in UNIFI & waters_connect - WKB47653

  1. Last updated
  2. Save as PDF
Article number: 47653

SYMPTOMS

  • Problems logging in to clients first thing in the morning
  • LND requires a reboot after period of inactivity to restore comms especially fire thing in morning or after the weekend.

ENVIRONMENT

  • UNIFI network 1.9.4 and older
  • UNIFI 1.9.9,1.9.12 & 1.9.13 waters_connect networks

CAUSE

Cisco has introduced a firewall policy where unused ports are closed after a default time of 1 hour. After this time, UNIFI services must reopen these ports by a reboot of the LND or client.

Also, similar policy exists for Check Point Firewall software - folowing link has details of default 1 hour time and how to increase.

https://supportcenter.checkpoint.com...ionid=sk145452

FIX or WORKAROUND

  • The customer IT should increase the timeout or disable the policy. Most customers set to 12 or 72 hours. (if set 12 hours LNDs will need rebooting every Monday morning)
  • An enhancement has been raised internally to see if UNIFI can provide a "heartbeat" to keep these connections alive. CRI-96
  • CR ID: US1#218171

ADDITIONAL INFORMATION

  • Fix is planned for a future version of waters_connect platform

id47653, communication, SUPUNIFI, UNIFISVR, UNIFISW18, UNIFOPT, UNIFQLIC, UNIFSW17, UNIFSW18, UNIFSW19, UNIFWGLIC, UNIFWKLIC

Not able to find a solution? Click here to request help.