This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Robert_Mueller
Collaborator
‎2019-03-25 04:38 AM

"max concurrent sessions per connection exceeded"

Hi,

I've a problem with one connection.. in the Smartlog I get the error

2019-03-25 12_33_48-Start.png

In the settngs the connection setting is on "Automatically"

 

 fw ctl pstat

System Capacity Summary:
  Memory used: 12% (6138 MB out of 48155 MB) - below watermark
  Concurrent Connections: 30068 (Unlimited)
  Aggressive Aging is enabled, not active

 

 

What else can I do to solve this problem?

Version: GAiA R80.10

Thx

Robert

 

 

 

 

0 Kudos
10 Replies
PhoneBoy
Admin
Admin
‎2019-03-25 04:54 AM

The setting you're looking at is probably not the one referred to by this error message.
The one SK that comes up with this error message is: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
0 Kudos
Robert_Mueller
Collaborator
‎2019-03-26 02:43 AM
In response to PhoneBoy

Mhm.. the setting is now on "0" but I a bit confused about the error message that the max. count of concurred sessions.. 

0 Kudos
PhoneBoy
Admin
Admin
‎2019-03-26 03:14 PM
In response to Robert_Mueller

I'm asking around, but I suspect you should open a TAC case so we can gather the appropriate data related to this.
0 Kudos
HristoGrigorov
MVP Gold
MVP Gold
‎2019-03-26 09:27 PM
In response to PhoneBoy

Log message is coming from AC/UF blade, not the FW one. It seems there is imposed limit on number of concurrent connections that AC/UF can process.

0 Kudos
Robert_Mueller
Collaborator
‎2019-03-26 09:30 PM
In response to HristoGrigorov

sounds logical.. is there a way to raise this vaue or bypass the traffic?

0 Kudos
HristoGrigorov
MVP Gold
MVP Gold
‎2019-03-26 09:37 PM
In response to Robert_Mueller

Not sure. I think sk112454 might be something similar but you should probably first investigate why did you hit this limit. Are there large numbers of opened HTTP(S) connections that are stale or probably you are under some kind of DoS. Even if there is such limit it should be really high value. 

0 Kudos
Robert_Mueller
Collaborator
‎2019-03-26 09:59 PM
In response to HristoGrigorov

Hi,

Thx - yes the traffic is OK so I can be sure that this is not a DoS attack 

0 Kudos
HristoGrigorov
MVP Gold
MVP Gold
‎2019-03-26 10:14 PM
In response to Robert_Mueller

Yeah, may be you should ask TAC for assistance. That parsing error seems to be a problem in the software.

0 Kudos
PhoneBoy
Admin
Admin
‎2019-03-28 04:46 AM
In response to Robert_Mueller

In order to prevent DoS on the HTTP parser, we have two global (kernel) parameters that controls the number of concurrent sessions:

  • ws_max_sessions_per_conn -  The total allowed number of sessions per connection
  • ws_max_timestamped_sessions_per_conn – The maximum allowed concurrent sessions where no response have seen for it during a period of one minute.  That is, we don’t allow more than 100 concurrent requests where no response was received for any of them for one minute.

The default for these parameters is:

  • ws_max_sessions_per_conn: 200 prior to R80.30, 400 in R80.30+
  • ws_max_timestamped_sessions_per_conn: 50 prior to R80.30, 100 in R80.30+

You can increase those values on a temporary basis (using fw ctl set int) to check if issue is resolved. To permanently set these kernel variables, see: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Robert_Mueller
Collaborator
‎2019-03-28 04:55 AM
In response to PhoneBoy

Thx... I will increase the settings, perhaps whis will solve that....

 

Thx for your support!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events