https://community.checkpoint.com/t5/Firewall-and-Security-Management/Too-many-pending-data-connections-for-one-control-connection/m-p/27165#M2120 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I am getting this Alert email and Log message after upgrading from R77.30 to R80.10.</P><P></P><P><SPAN style="font-size: 11.0pt;">HeaderDateHour: 28May2018 16:18:44; ContentVersion: 5; HighLevelLogKey: N/A; LogUid: N/A; SequenceNum: N/A; Action: drop; Origin: TPLCPFW1; IfDir: &lt;; InterfaceName: bond28; Alert: alert; OriginSicName: CN=TPLCPFW1,O=TPLCPMGMT..er27t2; OriginSicName: CN=TPLCPFW1,O=TPLCPMGMT..er27t2; HighLevelLogKey: 18446744073709551615; src: CZO_Exchange; dst: TPIVRCTR; proto: udp; message_info: Too many pending data connections for one control connection; ProductName: VPN-1 &amp; FireWall-1; svc: sip; sport_svc: sip; ProductFamily: Network;</SPAN></P><P></P><P><SPAN style="font-size: 11.0pt;">I have raised a case with Checkpoint TAC and they have asked me to follow the <SPAN style="color: #000000; font-family: Arial; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: #ffffff; text-decoration-style: initial; text-decoration-color: initial; display: inline !important; float: none;">sk33760</SPAN> every time I get this alert. </SPAN></P><P></P><P><SPAN style="font-size: 11.0pt;">I have gradually increased the value from 50 to 400 but still I am getting this error. </SPAN></P><P></P><P><SPAN style="font-size: 11.0pt;">Can anyone help? Is there any other solution to this?</SPAN></P><P></P><P><SPAN style="font-size: 11.0pt;">Regards,</SPAN></P><P><SPAN style="font-size: 11.0pt;">Yash</SPAN></P><P></P><P></P></BODY></HTML> Wed, 30 May 2018 05:17:58 GMT Yash_Parmar 2018-05-30T05:17:58Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Too-many-pending-data-connections-for-one-control-connection/m-p/27165#M2120 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I am getting this Alert email and Log message after upgrading from R77.30 to R80.10.</P><P></P><P><SPAN style="font-size: 11.0pt;">HeaderDateHour: 28May2018 16:18:44; ContentVersion: 5; HighLevelLogKey: N/A; LogUid: N/A; SequenceNum: N/A; Action: drop; Origin: TPLCPFW1; IfDir: &lt;; InterfaceName: bond28; Alert: alert; OriginSicName: CN=TPLCPFW1,O=TPLCPMGMT..er27t2; OriginSicName: CN=TPLCPFW1,O=TPLCPMGMT..er27t2; HighLevelLogKey: 18446744073709551615; src: CZO_Exchange; dst: TPIVRCTR; proto: udp; message_info: Too many pending data connections for one control connection; ProductName: VPN-1 &amp; FireWall-1; svc: sip; sport_svc: sip; ProductFamily: Network;</SPAN></P><P></P><P><SPAN style="font-size: 11.0pt;">I have raised a case with Checkpoint TAC and they have asked me to follow the <SPAN style="color: #000000; font-family: Arial; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: #ffffff; text-decoration-style: initial; text-decoration-color: initial; display: inline !important; float: none;">sk33760</SPAN> every time I get this alert. </SPAN></P><P></P><P><SPAN style="font-size: 11.0pt;">I have gradually increased the value from 50 to 400 but still I am getting this error. </SPAN></P><P></P><P><SPAN style="font-size: 11.0pt;">Can anyone help? Is there any other solution to this?</SPAN></P><P></P><P><SPAN style="font-size: 11.0pt;">Regards,</SPAN></P><P><SPAN style="font-size: 11.0pt;">Yash</SPAN></P><P></P><P></P></BODY></HTML> Wed, 30 May 2018 05:17:58 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Too-many-pending-data-connections-for-one-control-connection/m-p/27165#M2120 Yash_Parmar 2018-05-30T05:17:58Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Too-many-pending-data-connections-for-one-control-connection/m-p/27166#M2121 <HTML><HEAD></HEAD><BODY><P>Are you actually passing SIP traffic through your gateway?</P><P>What service is accepting the traffic in the rulebase?</P></BODY></HTML> Sun, 03 Jun 2018 05:46:42 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Too-many-pending-data-connections-for-one-control-connection/m-p/27166#M2121 PhoneBoy 2018-06-03T05:46:42Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Too-many-pending-data-connections-for-one-control-connection/m-p/27167#M2122 <HTML><HEAD></HEAD><BODY><DIV><P>Hi,</P><P></P><P style="margin:0in;margin-bottom:.0001pt;line-height:18.0pt;"><SPAN style="font-family: inherit ,serif;mso-bidi-font-family: Segoe UI;">Are you actually passing SIP traffic through your gateway?</SPAN></P><P>Yes</P><P></P><P style="margin:0in;margin-bottom:.0001pt;line-height:18.0pt;"><SPAN style="font-family: inherit ,serif;mso-bidi-font-family: Segoe UI;">What service is accepting the traffic in the <SPAN>rulebase</SPAN>?</SPAN></P><P><TABLE border="0" cellpadding="0" cellspacing="0" style="width:191.0pt;margin-left:-.15pt;border-collapse:collapse;mso-yfti-tbllook:1184;mso-padding-alt:0in 5.4pt 0in 5.4pt;" width="255"><TBODY><TR style="mso-yfti-irow:0;mso-yfti-firstrow:yes;height:15.0pt;"><TD nowrap="" style="width:59.0pt;border:solid windowtext 1.0pt;mso-border-alt:solid windowtext .5pt;padding:0in 5.4pt 0in 5.4pt;height:15.0pt;" valign="bottom" width="79"><P><SPAN style="mso-ascii-font-family:Calibri;mso-fareast-font-family: Times New Roman ;mso-hansi-font-family:Calibri;mso-bidi-font-family:Calibri;color:black;mso-bidi-language:GU;">Name</SPAN></P></TD><TD nowrap="" style="width:26.0pt;border:solid windowtext 1.0pt;border-left:none;mso-border-top-alt:solid windowtext .5pt;mso-border-bottom-alt:solid windowtext .5pt;mso-border-right-alt:solid windowtext .5pt;padding:0in 5.4pt 0in 5.4pt;height:15.0pt;" valign="bottom" width="35"><P><SPAN style="mso-ascii-font-family:Calibri;mso-fareast-font-family: Times New Roman ;mso-hansi-font-family:Calibri;mso-bidi-font-family:Calibri;color:black;mso-bidi-language:GU;">Port</SPAN></P></TD><TD nowrap="" style="width:106.0pt;border:solid windowtext 1.0pt;border-left:none;mso-border-top-alt:solid windowtext .5pt;mso-border-bottom-alt:solid windowtext .5pt;mso-border-right-alt:solid windowtext .5pt;padding:0in 5.4pt 0in 5.4pt;height:15.0pt;" valign="bottom" width="141"><P><SPAN style="mso-ascii-font-family:Calibri;mso-fareast-font-family: Times New Roman ;mso-hansi-font-family:Calibri;mso-bidi-font-family:Calibri;color:black;mso-bidi-language:GU;">Protocol</SPAN></P></TD></TR><TR style="mso-yfti-irow:1;height:15.0pt;"><TD nowrap="" style="width:59.0pt;border:solid windowtext 1.0pt;border-top:none;mso-border-left-alt:solid windowtext .5pt;mso-border-bottom-alt:solid windowtext .5pt;mso-border-right-alt:solid windowtext .5pt;padding:0in 5.4pt 0in 5.4pt;height:15.0pt;" valign="bottom" width="79"><P><SPAN style="mso-ascii-font-family:Calibri;mso-fareast-font-family: Times New Roman ;mso-hansi-font-family:Calibri;mso-bidi-font-family:Calibri;color:black;mso-bidi-language:GU;">sip-<SPAN>tcp</SPAN></SPAN></P></TD><TD nowrap="" style="width:26.0pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;mso-border-bottom-alt:solid windowtext .5pt;mso-border-right-alt:solid windowtext .5pt;padding:0in 5.4pt 0in 5.4pt;height:15.0pt;" valign="bottom" width="35"><P align="right" style="text-align:right;"><SPAN style="mso-ascii-font-family:Calibri;mso-fareast-font-family: Times New Roman ;mso-hansi-font-family:Calibri;mso-bidi-font-family:Calibri;color:black;mso-bidi-language:GU;">5060</SPAN></P></TD><TD nowrap="" style="width:106.0pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;mso-border-bottom-alt:solid windowtext .5pt;mso-border-right-alt:solid windowtext .5pt;padding:0in 5.4pt 0in 5.4pt;height:15.0pt;" valign="bottom" width="141"><P><SPAN style="mso-ascii-font-family:Calibri;mso-fareast-font-family: Times New Roman ;mso-hansi-font-family:Calibri;mso-bidi-font-family:Calibri;color:black;mso-bidi-language:GU;">SIP_TCP_PROTO</SPAN></P></TD></TR><TR style="mso-yfti-irow:2;height:15.0pt;"><TD nowrap="" style="width:59.0pt;border:solid windowtext 1.0pt;border-top:none;mso-border-left-alt:solid windowtext .5pt;mso-border-bottom-alt:solid windowtext .5pt;mso-border-right-alt:solid windowtext .5pt;padding:0in 5.4pt 0in 5.4pt;height:15.0pt;" valign="bottom" width="79"><P><SPAN style="mso-fareast-font-family: Times New Roman; mso-bidi-font-family: Calibri; color: black; mso-hansi-font-family: Calibri; mso-bidi-language: GU; mso-ascii-font-family: Calibri;">sip_any</SPAN></P></TD><TD nowrap="" style="width:26.0pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;mso-border-bottom-alt:solid windowtext .5pt;mso-border-right-alt:solid windowtext .5pt;padding:0in 5.4pt 0in 5.4pt;height:15.0pt;" valign="bottom" width="35"><P align="right" style="text-align:right;"><SPAN style="mso-ascii-font-family:Calibri;mso-fareast-font-family: Times New Roman ;mso-hansi-font-family:Calibri;mso-bidi-font-family:Calibri;color:black;mso-bidi-language:GU;">5060</SPAN></P></TD><TD nowrap="" style="width:106.0pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;mso-border-bottom-alt:solid windowtext .5pt;mso-border-right-alt:solid windowtext .5pt;padding:0in 5.4pt 0in 5.4pt;height:15.0pt;" valign="bottom" width="141"><P><SPAN style="mso-ascii-font-family:Calibri;mso-fareast-font-family: Times New Roman ;mso-hansi-font-family:Calibri;mso-bidi-font-family:Calibri;color:black;mso-bidi-language:GU;">SIP_UDP_ANY</SPAN></P></TD></TR><TR style="mso-yfti-irow:3;mso-yfti-lastrow:yes;height:15.0pt;"><TD nowrap="" style="width:59.0pt;border:solid windowtext 1.0pt;border-top:none;mso-border-left-alt:solid windowtext .5pt;mso-border-bottom-alt:solid windowtext .5pt;mso-border-right-alt:solid windowtext .5pt;padding:0in 5.4pt 0in 5.4pt;height:15.0pt;" valign="bottom" width="79"><P><SPAN style="mso-fareast-font-family: Times New Roman; mso-bidi-font-family: Calibri; color: black; mso-hansi-font-family: Calibri; mso-bidi-language: GU; mso-ascii-font-family: Calibri;">sip_any-tcp</SPAN></P></TD><TD nowrap="" style="width:26.0pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;mso-border-bottom-alt:solid windowtext .5pt;mso-border-right-alt:solid windowtext .5pt;padding:0in 5.4pt 0in 5.4pt;height:15.0pt;" valign="bottom" width="35"><P align="right" style="text-align:right;"><SPAN style="mso-ascii-font-family:Calibri;mso-fareast-font-family: Times New Roman ;mso-hansi-font-family:Calibri;mso-bidi-font-family:Calibri;color:black;mso-bidi-language:GU;">5060</SPAN></P></TD><TD nowrap="" style="width:106.0pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;mso-border-bottom-alt:solid windowtext .5pt;mso-border-right-alt:solid windowtext .5pt;padding:0in 5.4pt 0in 5.4pt;height:15.0pt;" valign="bottom" width="141"><P><SPAN style="mso-ascii-font-family:Calibri;mso-fareast-font-family: Times New Roman ;mso-hansi-font-family:Calibri;mso-bidi-font-family:Calibri;color:black;mso-bidi-language:GU;">SIP_ANY_TCP_PROTO</SPAN></P></TD></TR></TBODY></TABLE></P><P></P><P></P><P>Regards,</P><P>Yash</P></DIV></BODY></HTML> Mon, 04 Jun 2018 05:33:38 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Too-many-pending-data-connections-for-one-control-connection/m-p/27167#M2122 Yash_Parmar 2018-06-04T05:33:38Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Too-many-pending-data-connections-for-one-control-connection/m-p/27168#M2123 <HTML><HEAD></HEAD><BODY><P>Ok, you're using the default handlers, which is a good starting point.</P><P></P><P>We limit the number of pending control connections to reduce the risk of a potential denial of service.</P><P>At a default of 50, this limit is set pretty low out-of-the box.&nbsp;</P><P>At 400, you are well below the max limit of 25,000 (as documented in SK).</P><P>As such, I'd keep increasing it as mentioned in the SK.</P></BODY></HTML> Mon, 04 Jun 2018 13:14:41 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Too-many-pending-data-connections-for-one-control-connection/m-p/27168#M2123 PhoneBoy 2018-06-04T13:14:41Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Too-many-pending-data-connections-for-one-control-connection/m-p/50463#M3742 <P>Is there a way to monitor these&nbsp;<SPAN>pending control connections?</SPAN></P> <P><SPAN>Seeing a similar issue where we increased gradually as documented in the SK, without seeing improvement. We then increased to 5,000 and have not seen the issue since, however we are looking to see where we are at with these connections.</SPAN></P> <P>Thanks in advance.</P> <P>&nbsp;</P> <P>&nbsp;</P> Wed, 10 Apr 2019 15:51:03 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Too-many-pending-data-connections-for-one-control-connection/m-p/50463#M3742 cwilliams 2019-04-10T15:51:03Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Too-many-pending-data-connections-for-one-control-connection/m-p/69826#M5372 <P>I too have the same question, how do I find&nbsp; the current state once increased</P> Tue, 10 Dec 2019 00:55:31 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Too-many-pending-data-connections-for-one-control-connection/m-p/69826#M5372 VENKAT_S_P 2019-12-10T00:55:31Z