CheckMates Fest 2025!
Join the Biggest Event of the Year!
Share your Cyber Security Insights
On-Stage at CPX 2025
Simplifying Zero Trust Security
with Infinity Identity!
Zero Trust Implementation
Help us with the Short-Term Roadmap
CheckMates Go:
What's New in R82
I would bump it to 250k or more. The point of the hard connections table limit is to protect other VSs on the system from resource exhaustion attacks against one VS. That is, if someone tries to fill up the connections table of your Internet VS, they won't also take down your interior VSs or the VS handling a second Internet connection. Ever since R67 (the first version to move to the 2.6 kernel), the connections table has been able to use many gigabytes of space, so the practical limit for the whole box is generally in the tens of millions of connections.
Unless you're running a hundred VSs on a box, or you're running with very little RAM, tiny tables don't protect you from anything. Instead, they just shoot you in the foot like this over and over as load increases.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY
