https://community.checkpoint.com/t5/Firewall-and-Security-Management/Aggressive-Aging/m-p/115893#M27136 <P>In case you don't want to download and open the screenshot:</P><P>Search term "aggressive_aging_general" is used.</P><P>&nbsp;</P> Tue, 13 Apr 2021 06:55:47 GMT Sascha_Bremshey 2021-04-13T06:55:47Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Aggressive-Aging/m-p/49209#M27133 <P>TL;DR How does one determine if a connection entry was purged because Aggressive Aging?</P><P>Apologies if this has been answered previously, but I'm struggling to find information about how to track down when aggressive aging has occurred. I know that "fw ctl pstat" will tell me if it is active but is there a way to track down if it has happened recently.&nbsp;</P><P>We have some connections that are getting registered as out of state and I'd like to try and determine if they are the result of TCP start timeouts, TCP session timeouts or aggressive aging timeouts.&nbsp;</P><P>Some of them are easy to determine. Couple minutes after an accept, you get an ACK dropped out of state, probably the start timeout. Couple hours after an accept, you get out of state drops on the same port combinations, probably a session.&nbsp;</P><P>But the forty minute after accept drops for the same port combination are the ones that are stumping me.&nbsp; Within the session timeouts, way too far out to be a start timeout (unless something is REALLY wrong with our wireless network) but within the range of the Aggressive Aging settings.</P><P>Our connection limit is set to Automatic and the firewall itself doesn't seem to be under too much load.&nbsp;</P> Fri, 29 Mar 2019 16:35:41 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Aggressive-Aging/m-p/49209#M27133 Jason_Carrillo 2019-03-29T16:35:41Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Aggressive-Aging/m-p/49228#M27134 <P>Just search in smartlog, see attached screenshot</P> Fri, 29 Mar 2019 18:37:11 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Aggressive-Aging/m-p/49228#M27134 Kaspars_Zibarts 2019-03-29T18:37:11Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Aggressive-Aging/m-p/49230#M27135 Perfect! Thank you. No sign of those logs in my walls, so AA doesn't appear to be the culprit. Fri, 29 Mar 2019 18:39:16 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Aggressive-Aging/m-p/49230#M27135 Jason_Carrillo 2019-03-29T18:39:16Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Aggressive-Aging/m-p/115893#M27136 <P>In case you don't want to download and open the screenshot:</P><P>Search term "aggressive_aging_general" is used.</P><P>&nbsp;</P> Tue, 13 Apr 2021 06:55:47 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Aggressive-Aging/m-p/115893#M27136 Sascha_Bremshey 2021-04-13T06:55:47Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Aggressive-Aging/m-p/125705#M27137 <P>Hello&nbsp;</P><P>By default when the connection table reaches 80% of its capacity the anti-Dos mechanism agressive aging takes place.</P><P>Has anyone configured a snmp trap mechanism in order to get&nbsp; a notification if capacity of connection table reaches 70% for example?</P><P>BR,</P><P>Kostas</P> Wed, 04 Aug 2021 14:41:10 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Aggressive-Aging/m-p/125705#M27137 KostasGR 2021-08-04T14:41:10Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Aggressive-Aging/m-p/139613#M27138 <P>Yes - we have set it to 45% to ensure we're capable of full site failover.</P> Wed, 26 Jan 2022 17:53:18 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Aggressive-Aging/m-p/139613#M27138 pjoseph 2022-01-26T17:53:18Z