
Too many pending data connections for one control connection

Hi,

I am getting this Alert email and Log message after upgrading from R77.30 to R80.10.

HeaderDateHour: 28May2018 16:18:44; ContentVersion: 5; HighLevelLogKey: N/A; LogUid: N/A; SequenceNum: N/A; Action: drop; Origin: TPLCPFW1; IfDir: <; InterfaceName: bond28; Alert: alert; OriginSicName: CN=TPLCPFW1,O=TPLCPMGMT..er27t2; OriginSicName: CN=TPLCPFW1,O=TPLCPMGMT..er27t2; HighLevelLogKey: 18446744073709551615; src: CZO_Exchange; dst: TPIVRCTR; proto: udp; message_info: Too many pending data connections for one control connection; ProductName: VPN-1 & FireWall-1; svc: sip; sport_svc: sip; ProductFamily: Network;

I have raised a case with Checkpoint TAC and they have asked me to follow the sk33760 every time I get this alert.

I have gradually increased the value from 50 to 400 but still I am getting this error.

Can anyone help? Is there any other solution to this?

Regards,

Yash

4 Replies
Admin

Re: Too many pending data connections for one control connection

Are you actually passing SIP traffic through your gateway?

What service is accepting the traffic in the rulebase?

0 Kudos

Re: Too many pending data connections for one control connection

Hi,

Are you actually passing SIP traffic through your gateway?

Yes

What service is accepting the traffic in the rulebase?

| Name | Port | Protocol |
|---|---|---|
| sip-tcp | 5060 | SIP_TCP_PROTO |
| sip_any | 5060 | SIP_UDP_ANY |
| sip_any-tcp | 5060 | SIP_ANY_TCP_PROTO |

Regards,

Yash

0 Kudos
Admin

Re: Too many pending data connections for one control connection

Ok, you're using the default handlers, which is a good starting point.

We limit the number of pending control connections to reduce the risk of a potential denial of service.

At a default of 50, this limit is set pretty low out of the box.

At 400, you are well below the max limit of 25,000 (as documented in SK).

As such, I'd keep increasing it as mentioned in the SK.

Employee

Re: Too many pending data connections for one control connection

Is there a way to monitor these pending control connections?

Seeing a similar issue where we increased gradually as documented in the SK, without seeing improvement. We then increased to 5,000 and have not seen the issue since; however, we are looking to see where we are at with these connections.

Thanks in advance.

 

 

0 Kudos
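An added example, not part of any post in this thread and not Check Point code: one way to judge whether raising the limit is helping is to count how often the alert is logged per hour and per source/destination pair. It assumes logs exported as text in the same `key: value;` layout as the alert quoted in the first post; the sample lines and the hosts HostA and HostB are constructed. It counts logged alerts, not the gateway's live pending connections.

```python
from collections import Counter
from datetime import datetime

ALERT = "Too many pending data connections for one control connection"

# Constructed sample lines in the field layout of the alert quoted in the thread
# (HostA and HostB are made-up names).
SAMPLE_LOG = """\
HeaderDateHour: 28May2018 16:18:44; Action: drop; Origin: TPLCPFW1; src: CZO_Exchange; dst: TPIVRCTR; proto: udp; message_info: Too many pending data connections for one control connection; svc: sip;
HeaderDateHour: 28May2018 16:41:02; Action: drop; Origin: TPLCPFW1; src: CZO_Exchange; dst: TPIVRCTR; proto: udp; message_info: Too many pending data connections for one control connection; svc: sip;
HeaderDateHour: 28May2018 16:50:10; Action: accept; Origin: TPLCPFW1; src: HostA; dst: TPIVRCTR; proto: udp; svc: sip;
HeaderDateHour: 28May2018 17:05:31; Action: drop; Origin: TPLCPFW1; src: HostB; dst: TPIVRCTR; proto: udp; message_info: Too many pending data connections for one control connection; svc: sip;
"""


def parse_line(line):
    """Split one 'key: value; key: value;' log line into a dict."""
    fields = {}
    for part in line.strip().split(";"):
        # Split on the first ': ' only, so times such as 16:18:44 stay intact.
        key, sep, value = part.strip().partition(": ")
        if sep:
            fields.setdefault(key, value)  # duplicated keys: keep the first value
    return fields


def alert_counts(log_text):
    """Count occurrences of the SIP alert per (hour, src, dst)."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("message_info") != ALERT:
            continue
        ts = datetime.strptime(f["HeaderDateHour"], "%d%b%Y %H:%M:%S")
        counts[(ts.strftime("%Y-%m-%d %H:00"), f.get("src"), f.get("dst"))] += 1
    return counts


if __name__ == "__main__":
    for (hour, src, dst), n in sorted(alert_counts(SAMPLE_LOG).items()):
        print(f"{hour}  {src} -> {dst}  {n}")
```

Comparing the hourly counts before and after each change to the limit shows whether the alert rate is actually falling and which SIP endpoints account for it.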