VSX connection table limit

[munrog]

Hi folks,

Recently discovered (painfully) that in VSX, the connection table limit default size is set to 15,000 concurrent connections rather than the standard 25,000 in all other Check Point products.

Can anyone tell me where this should have been alerted? I can't see anything in the Check Point logs, only out-of-state packets. Perhaps I am looking in the wrong place...

Should this not have been reported in the OS's messages or dmesg file as well?

Platform was R62 on Xbeam.

Thanks in Advance.
Greg

[cpcpc]

I believe you should be able to see the connection limit change on SmartViewTracker. I remembered after creating a VS and push policy, there is a message in the log saying connection limit change from 25000 to 15000 (or similar).

[munrog]

Quote:

Originally Posted by cpcpc

I believe you should be able to see the connection limit change on SmartViewTracker. I remembered after creating a VS and push policy, there is a message in the log saying connection limit change from 25000 to 15000 (or similar).

Thanks but it wasnt the fact that the limit had been increased that I wanted to see. I wanted to see an alert when the connection table limit had been reached.

Cheers
Greg

[cpcpc]

I know that FW-1 R65 now has Aggressive Aging feature that does log the connection table/memory % full info in the syslog. However I don't think VSX has this feature yet...

[mylove142]

Hi all,
I use Crossbeam X40 + Checkpoint VSX NGAI v25. Now, I see the concurrent connections limit is 15000. Now, I want to change the concurrent connection limit. I know where I can change in the object_5_0.C. But I have one questions: with the memory of Crossbeam X40 is 512, how many concurrent connections limit I can set because If the connection exceeds memory, many following connections will be droped?
If you know the answer, please answer me early.
I have problem with the concurrent connection limit.
Thank you very much.
Duy Khang

[Routerkid1]

you need about 256mb for every 25000 connections.