This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Yash_Parmar
Explorer
‎2018-05-29 10:17 PM

Too many pending data connections for one control connection

Hi,

I am getting this Alert email and Log message after upgrading from R77.30 to R80.10.

HeaderDateHour: 28May2018 16:18:44; ContentVersion: 5; HighLevelLogKey: N/A; LogUid: N/A; SequenceNum: N/A; Action: drop; Origin: TPLCPFW1; IfDir: <; InterfaceName: bond28; Alert: alert; OriginSicName: CN=TPLCPFW1,O=TPLCPMGMT..er27t2; OriginSicName: CN=TPLCPFW1,O=TPLCPMGMT..er27t2; HighLevelLogKey: 18446744073709551615; src: CZO_Exchange; dst: TPIVRCTR; proto: udp; message_info: Too many pending data connections for one control connection; ProductName: VPN-1 & FireWall-1; svc: sip; sport_svc: sip; ProductFamily: Network;

I have raised a case with Checkpoint TAC and they have asked me to follow the sk33760 every time I get this alert.

I have gradually increased the value from 50 to 400 but still I am getting this error.

Can anyone help? Is there any other solution to this?

Regards,

Yash

5 Replies
PhoneBoy
Admin
Admin
‎2018-06-02 10:46 PM

Are you actually passing SIP traffic through your gateway?

What service is accepting the traffic in the rulebase?

0 Kudos
Yash_Parmar
Explorer
‎2018-06-03 10:33 PM
In response to PhoneBoy

Hi,

Are you actually passing SIP traffic through your gateway?

Yes

What service is accepting the traffic in the rulebase?

Name

Port

Protocol

sip-tcp

5060

SIP_TCP_PROTO

sip_any

5060

SIP_UDP_ANY

sip_any-tcp

5060

SIP_ANY_TCP_PROTO

Regards,

Yash

PhoneBoy
Admin
Admin
‎2018-06-04 06:14 AM
In response to Yash_Parmar

Ok, you're using the default handlers, which is a good starting point.

We limit the number of pending control connections to reduce the risk of a potential denial of service.

At a default of 50, this limit is set pretty low out-of-the box. 

At 400, you are well below the max limit of 25,000 (as documented in SK).

As such, I'd keep increasing it as mentioned in the SK.

cwilliams
Employee Alumnus
Employee Alumnus
‎2019-04-10 08:51 AM
In response to PhoneBoy

Is there a way to monitor these pending control connections?

Seeing a similar issue where we increased gradually as documented in the SK, without seeing improvement. We then increased to 5,000 and have not seen the issue since, however we are looking to see where we are at with these connections.

Thanks in advance.

 

 

VENKAT_S_P
Collaborator
‎2019-12-09 04:55 PM
In response to cwilliams

I too have the same question, how do I find  the current state once increased

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top