- Products
- Learn
- Local User Groups
- Partners
- More
Check Point Jump-Start Online Training
Now Available on CheckMates for Beginners!
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
ZTNA Buyer’s Guide
Zero Trust essentials for your most valuable assets
The SMB Cyber Master
Boost your knowledge on Quantum Spark SMB gateways!
Check Point's Cyber Park is Now Open
Let the Games Begin!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
Hi,
I am getting this Alert email and Log message after upgrading from R77.30 to R80.10.
HeaderDateHour: 28May2018 16:18:44; ContentVersion: 5; HighLevelLogKey: N/A; LogUid: N/A; SequenceNum: N/A; Action: drop; Origin: TPLCPFW1; IfDir: <; InterfaceName: bond28; Alert: alert; OriginSicName: CN=TPLCPFW1,O=TPLCPMGMT..er27t2; OriginSicName: CN=TPLCPFW1,O=TPLCPMGMT..er27t2; HighLevelLogKey: 18446744073709551615; src: CZO_Exchange; dst: TPIVRCTR; proto: udp; message_info: Too many pending data connections for one control connection; ProductName: VPN-1 & FireWall-1; svc: sip; sport_svc: sip; ProductFamily: Network;
I have raised a case with Checkpoint TAC and they have asked me to follow the sk33760 every time I get this alert.
I have gradually increased the value from 50 to 400 but still I am getting this error.
Can anyone help? Is there any other solution to this?
Regards,
Yash
Are you actually passing SIP traffic through your gateway?
What service is accepting the traffic in the rulebase?
Hi,
Are you actually passing SIP traffic through your gateway?
Yes
What service is accepting the traffic in the rulebase?
Name | Port | Protocol |
sip-tcp | 5060 | SIP_TCP_PROTO |
sip_any | 5060 | SIP_UDP_ANY |
sip_any-tcp | 5060 | SIP_ANY_TCP_PROTO |
Regards,
Yash
Ok, you're using the default handlers, which is a good starting point.
We limit the number of pending control connections to reduce the risk of a potential denial of service.
At a default of 50, this limit is set pretty low out-of-the box.
At 400, you are well below the max limit of 25,000 (as documented in SK).
As such, I'd keep increasing it as mentioned in the SK.
Is there a way to monitor these pending control connections?
Seeing a similar issue where we increased gradually as documented in the SK, without seeing improvement. We then increased to 5,000 and have not seen the issue since, however we are looking to see where we are at with these connections.
Thanks in advance.
I too have the same question, how do I find the current state once increased
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY