
Author Topic: Default Maximum Concurrent Connections  (Read 13134 times)


Offline Michael McNamara

  • Administrator
  • Hero Member
  • *****
  • Posts: 3843
    • michaelfmcnamara
    • Michael McNamara
Default Maximum Concurrent Connections
« on: December 23, 2010, 12:10:13 AM »
I ran into an issue today with the default maximum concurrent connections on a Check Point IPSO 6.2 Security Appliance (firewall) running Check Point FireWall-1 NGX R70.

The TCP session timeout value has been configured to 86400 (1 day) via Policy -> Global Properties and traffic bound for the Internet ground to a halt when the firewall approached 24,900 active connections. I knew from past experiences that the default (out-of-the-box) setting was 25,000 although it took me a few minutes to find the configuration in Smart Dashboard.

I ended up rebooting the firewall to quickly clear the connection table (is there a command to clear the connection table other than a cpstop and cpstart?). The secondary IP560 immediately picked up the traffic and the performance problem was immediately resolved.

With all the peer2peer applications out there I'm curious what other folks use for a default setting?

http://blog.michaelfmcnamara.com/2010/12/check-point-firewall-1-maximum-concurrent-connections/

Cheers!
We've been helping network engineers, system administrators and technology professionals since June 2009.
If you've found this site useful or helpful, please help me spread the word. Link to us in your blog or homepage - Thanks!


Offline Dorian

  • Full Member
  • ***
  • Posts: 68
Re: Default Maximum Concurrent Connections
« Reply #1 on: December 30, 2010, 04:50:29 AM »
I ended up rebooting the firewall to quickly clear the connection table (is there a command to clear the connection table other than a cpstop and cpstart?). The secondary IP560 immediately picked up the traffic and the performance problem was immediately resolved.

Yep, mister, you can do it with:
fw tab -t connections -x

I had the same problem past week.

Offline Michael McNamara

  • Administrator
  • Hero Member
  • *****
  • Posts: 3843
    • michaelfmcnamara
    • Michael McNamara
Re: Default Maximum Concurrent Connections
« Reply #2 on: December 30, 2010, 11:21:41 AM »
Thanks for the help! +1

I had found the command (fw tab -t connections) to display the connections but it wasn't really plainly clear on how to clear the table.

Cheers!

Offline Dorian

  • Full Member
  • ***
  • Posts: 68
Re: Default Maximum Concurrent Connections
« Reply #3 on: January 21, 2011, 08:37:47 AM »
Some other commands could be useful:

To dump the list of connections I personally use:
fw tab -t connections -u -f > log.txt

Take care, the file created can be very big (200 MB last time).

When you have this you can send the file to another Linux machine to investigate.

This little command will sort it for you:

cat log.txt | cut -d " " -f <column_number> | sort | uniq -c | sort -g > sorted_log.txt

For the column number I have:

19 for source IP
21 for port number
23 for destination IP