Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Yash_Parmar
Explorer

Too many pending data connections for one control connection

Hi,

I am getting this Alert email and Log message after upgrading from R77.30 to R80.10.

HeaderDateHour: 28May2018 16:18:44; ContentVersion: 5; HighLevelLogKey: N/A; LogUid: N/A; SequenceNum: N/A; Action: drop; Origin: TPLCPFW1; IfDir: <; InterfaceName: bond28; Alert: alert; OriginSicName: CN=TPLCPFW1,O=TPLCPMGMT..er27t2; OriginSicName: CN=TPLCPFW1,O=TPLCPMGMT..er27t2; HighLevelLogKey: 18446744073709551615; src: CZO_Exchange; dst: TPIVRCTR; proto: udp; message_info: Too many pending data connections for one control connection; ProductName: VPN-1 & FireWall-1; svc: sip; sport_svc: sip; ProductFamily: Network;

I have raised a case with Checkpoint TAC and they have asked me to follow the sk33760 every time I get this alert.

I have gradually increased the value from 50 to 400 but still I am getting this error.

Can anyone help? Is there any other solution to this?

Regards,

Yash

5 Replies
PhoneBoy
Admin
Admin

Are you actually passing SIP traffic through your gateway?

What service is accepting the traffic in the rulebase?

0 Kudos
Yash_Parmar
Explorer

Hi,

Are you actually passing SIP traffic through your gateway?

Yes

What service is accepting the traffic in the rulebase?

Name

Port

Protocol

sip-tcp

5060

SIP_TCP_PROTO

sip_any

5060

SIP_UDP_ANY

sip_any-tcp

5060

SIP_ANY_TCP_PROTO

Regards,

Yash

PhoneBoy
Admin
Admin

Ok, you're using the default handlers, which is a good starting point.

We limit the number of pending control connections to reduce the risk of a potential denial of service.

At a default of 50, this limit is set pretty low out-of-the box. 

At 400, you are well below the max limit of 25,000 (as documented in SK).

As such, I'd keep increasing it as mentioned in the SK.

cwilliams
Employee Alumnus
Employee Alumnus

Is there a way to monitor these pending control connections?

Seeing a similar issue where we increased gradually as documented in the SK, without seeing improvement. We then increased to 5,000 and have not seen the issue since, however we are looking to see where we are at with these connections.

Thanks in advance.

 

 

VENKAT_S_P
Collaborator

I too have the same question, how do I find  the current state once increased

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events