Capacity Optimization

[switzer]

We currently have a problem with our firewall having to be reset every few hours - while awaiting an engineer we have looked at the logs and have increased capacity optimization to 50000 from 25000 this seems to help as
it lasted about 5 hours instead of 2.
1 Are there any issues we should be aware of when we try this ?
2. Cant see anything else we can do -
We are looking at recently installed rules etc .....
This is what we saw on the logs -
FW-1: WARNING: The connections table is 80% full.
Sep 6 13:03:42 CRUK-1 [LOG_CRIT] kernel: New connections will be dropped once the connection table reaches
Sep 6 13:03:42 CRUK-1 [LOG_CRIT] kernel: full capacity. Please consider increasing the connections table limit.
Any other ideas to increase the time between fall overs while we get
a CP engineer in.

[Robby Cauwerts]

Something is setting up a lot of connections.

1)In the SmartView Tracker select the "Active" tab.
Monitor the new connections that are being setup.
See if you can find if they have something in common (same source).

2)If you have an SmartView Monitor license you can easily track the host that is causing the problem using the build in queries.
If you don't have the license request a demo license.

Might be a broken application on your network, ...

Br.
Robby

[cpcpc]

Use this to check the limit you set is actually working on the modules:
fw tab -t connections | grep limit

You can check the traffic using this:
fw tab -t connections -s -f

If you properly set up Max concurrent connection, it can prevent "out of memory". This is a protection.

[abusharif]

check connections, is it legit traffic?
use network quota in smartdefense if applicable
increase max connections if step above doesnt help (take memory in consideration)

[chillyjim]

After you go through all of the above to figure out the cause, if it turns out you are just being attacked OR its legal traffic, upgrade to R65 and enable "Aggressive Aging" (See the release notes for details).