
Author Topic: Connections number exploding  (Read 6869 times)


Offline Dorian

  • Full Member
  • ***
  • Posts: 68
Connections number exploding
« on: March 08, 2011, 10:41:11 AM »
Hi Everybody

Today we had a strange behavior on our Nokia IPSO checkpoint.

I was creating a new STATIC NAT address for one of our web servers.
I compiled the new rule.

A few seconds after that our number of connections exploded.
No more internet, our firewall seemed to be overextended.
I used the magic command:
fw tab -t connections -x
to purge all active connections, and deactivated my NAT. Everything is good now.

My question is:
Is this behavior normal and expected?
What do I have to do to prevent this?

Thank you in advance


Offline Flintstone

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 955
Re: Connections number exploding
« Reply #1 on: March 08, 2011, 11:33:40 AM »
Hi,

It depends on how many connections your Checkpoint is already servicing? 

If you bring up SmartView Monitor for your firewall, you should be able to see under 'General Info' the 'Concurrent Connections'.  On my Checkpoint (R65), the default 'Maximum concurrent connections' is 25000, so how close is the 'Concurrent Connections' to 25000?

I am presuming that by adding a new STATIC NAT, you are exceeding 25000?

Also, what errors, if any, are you seeing in the system log through Voyager?

CheerZ and good luck
« Last Edit: March 08, 2011, 11:41:05 AM by Flintstone »

Offline Dorian

  • Full Member
  • ***
  • Posts: 68
Re: Connections number exploding
« Reply #2 on: March 08, 2011, 11:42:54 AM »
In normal "mode" my number of connections is 5000.
When I allowed this new public address, I reached 30 000 connections within a few seconds.

My maximum concurrent connections is 300 000 (But I don't know if my Firewall could handle this).

I have 2 questions in fact:
- Why is my number of connections exploding? I restricted the access to my new address to only one public IP address (my client's one) and one port. I don't see any dropped traffic on the tracker.
- Why does this increase degrade my other connections?

Offline Flintstone

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 955
Re: Connections number exploding
« Reply #3 on: March 08, 2011, 12:02:06 PM »
Hi,

Increasing the maximum 'Concurrent Connections' depends on the RAM your firewall already has?  300 000 seems a very high value?  Maybe try something smaller like 50 000 if you are only reaching 30 000 connections?

To answer your questions:

"Why is my number of connections exploding? I restricted the access to my new address to only one public IP address (my client's one) and one port. I don't see any dropped traffic on the tracker."
I would suggest checking the firewall tracker and/or using a sniffer to see why your connections are exploding?

"Why does this increase degrade my other connections?"
If you are hitting your connection limit then that will stop any new connections getting through the firewall, but again you should see normal traffic being dropped in the firewall tracker?  Is your CPU also getting close to 100%?

Good luck
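
The comparison of current and peak connection counts against the configured maximum, discussed in the replies above, can also be done from the gateway shell. This is an added example, not part of the original thread: it assumes the summary form of the command quoted in the first post (`fw tab -t connections -s`, a flag the thread does not mention) and a HOST/NAME/ID/#VALS/#PEAK/#SLINKS column layout; the sample output is constructed from the figures given in the thread, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `fw tab -t connections -s` output (assumed layout,
# not captured from a real gateway). 5012 current / 30114 peak mirror the
# "5000 normal, 30 000 during the incident" figures from the thread.
sample_summary() {
cat <<'EOF'
HOST                  NAME                               ID #VALS #PEAK #SLINKS
localhost             connections                      8158  5012 30114   10024
EOF
}

# conn_table_usage LIMIT [WARN_PCT]
# Reads the summary on stdin and prints one line:
#   vals=N peak=N limit=N use=P% peak_use=P% status=S
# status: OK, PEAK_WARN (peak >= WARN_PCT of limit),
#         WARN (current >= WARN_PCT), OVER_LIMIT (peak would not fit under LIMIT).
conn_table_usage() {
    limit=$1
    warn=${2:-80}
    awk -v limit="$limit" -v warn="$warn" '
        # Data row for the connections table: numeric #VALS in column 4.
        $2 == "connections" && $4 ~ /^[0-9]+$/ && $5 ~ /^[0-9]+$/ {
            vals = $4; peak = $5; found = 1
        }
        END {
            if (!found || limit + 0 <= 0) { print "status=UNKNOWN"; exit 2 }
            use  = int(vals * 100 / limit)
            puse = int(peak * 100 / limit)
            status = "OK"
            if (puse >= warn)           status = "PEAK_WARN"
            if (use  >= warn)           status = "WARN"
            if (peak + 0 >= limit + 0)  status = "OVER_LIMIT"
            printf "vals=%d peak=%d limit=%d use=%d%% peak_use=%d%% status=%s\n",
                   vals, peak, limit, use, puse, status
        }'
}

# Compare the same counters against the R65 default (25000) and against
# the 300 000 limit mentioned in reply #2.
sample_summary | conn_table_usage 25000
sample_summary | conn_table_usage 300000
```

On a live gateway the function would read the real command output instead of the sample, for example from a cron job that logs the status line so a sudden jump in the peak counter is visible after the fact.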