"max concurrent sessions per connection exceeded"

Hi,

I have a problem with one connection. In SmartLog I get the error:

2019-03-25 12_33_48-Start.png

In the settings, the connection setting is on "Automatically".

 

 fw ctl pstat

System Capacity Summary:
  Memory used: 12% (6138 MB out of 48155 MB) - below watermark
  Concurrent Connections: 30068 (Unlimited)
  Aggressive Aging is enabled, not active

 

 

What else can I do to solve this problem?

Version: GAiA R80.10

Thx

Robert

0 Kudos
10 Replies
Admin

Re: "max concurrent sessions per connection exceeded"

The setting you're looking at is probably not the one referred to by this error message.
The one SK that comes up with this error message is: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
0 Kudos

Re: "max concurrent sessions per connection exceeded"

Mhm.. the setting is now on "0", but I'm a bit confused about the error message that the max. count of concurrent sessions..

0 Kudos
Admin

Re: "max concurrent sessions per connection exceeded"

I'm asking around, but I suspect you should open a TAC case so we can gather the appropriate data related to this.
0 Kudos

Re: "max concurrent sessions per connection exceeded"

The log message is coming from the AC/UF blade, not the FW one. It seems there is an imposed limit on the number of concurrent connections that AC/UF can process.

0 Kudos

Re: "max concurrent sessions per connection exceeded"

Sounds logical. Is there a way to raise this value or bypass the traffic?

0 Kudos

Re: "max concurrent sessions per connection exceeded"

Not sure. I think sk112454 might be something similar, but you should probably first investigate why you hit this limit. Are there large numbers of open HTTP(S) connections that are stale, or perhaps you are under some kind of DoS? Even if there is such a limit, it should be a really high value.

0 Kudos

Re: "max concurrent sessions per connection exceeded"

Hi,

Thx - yes the traffic is OK so I can be sure that this is not a DoS attack 

0 Kudos

Re: "max concurrent sessions per connection exceeded"

Yeah, maybe you should ask TAC for assistance. That parsing error seems to be a problem in the software.

0 Kudos
Admin

Re: "max concurrent sessions per connection exceeded"

In order to prevent DoS on the HTTP parser, we have two global (kernel) parameters that control the number of concurrent sessions:

  • ws_max_sessions_per_conn – The total allowed number of sessions per connection.
  • ws_max_timestamped_sessions_per_conn – The maximum allowed number of concurrent sessions for which no response has been seen during a period of one minute. That is, we don’t allow more than 100 concurrent requests where no response was received for any of them for one minute.

The default for these parameters is:

  • ws_max_sessions_per_conn: 200 prior to R80.30, 400 in R80.30+
  • ws_max_timestamped_sessions_per_conn: 50 prior to R80.30, 100 in R80.30+

You can increase those values on a temporary basis (using fw ctl set int) to check if the issue is resolved. To permanently set these kernel variables, see: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
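
The temporary change suggested in the reply above, as an added example that is not part of the thread and not Check Point's own tooling: a shell helper for expert mode that raises a parameter with fw ctl set int only when the new value is higher, and keeps the old value for rollback. The function names are hypothetical, it assumes "fw ctl get int NAME" prints "NAME = VALUE", and the trial values in the usage comment are the R80.30+ defaults quoted in the reply.

```shell
#!/bin/bash
# Added example (not from the thread). Function names are hypothetical.
# Values set with "fw ctl set int" are temporary, as the reply above notes.

# Print the current integer value of a kernel parameter.
# Assumption: "fw ctl get int NAME" prints a line of the form "NAME = VALUE".
get_kparam() {
    fw ctl get int "$1" 2>/dev/null | awk '$2 == "=" { print $3; exit }'
}

# Raise NAME to NEW only if NEW is numeric and above the current value.
# Prints "NAME OLD" on success so the caller can roll back later.
raise_kparam() {
    local name=$1 new=$2 cur
    case $new in ''|*[!0-9]*) echo "not a number: $new" >&2; return 2 ;; esac
    cur=$(get_kparam "$name")
    case $cur in ''|*[!0-9]*) echo "cannot read $name" >&2; return 3 ;; esac
    if [ "$new" -le "$cur" ]; then
        # These limits protect the HTTP parser; never lower them by accident.
        echo "$name is already $cur, not changing to $new" >&2
        return 1
    fi
    fw ctl set int "$name" "$new" >/dev/null || return 4
    # Read back to confirm the kernel accepted the value.
    [ "$(get_kparam "$name")" = "$new" ] || return 5
    echo "$name $cur"
}

# Undo: read saved "NAME OLD" lines on stdin and restore each value.
rollback_kparams() {
    local name old
    while read -r name old; do
        if [ -n "$name" ]; then
            fw ctl set int "$name" "$old" >/dev/null
        fi
    done
}

# Usage:
#   saved=$(raise_kparam ws_max_sessions_per_conn 400
#           raise_kparam ws_max_timestamped_sessions_per_conn 100)
#   ... watch SmartLog to see whether the error still appears ...
#   printf '%s\n' "$saved" | rollback_kparams
```
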

Re: "max concurrent sessions per connection exceeded"

Thx... I will increase the settings, perhaps this will solve that....

 

Thx for your support!

0 Kudos