Firewall Connection Table Limit Approaching or Reached – Check Point Firewall Alerts

This is a real life sample alert from the indeni Check Point Firewall configuration guide. 

Description:

There are 248742 concurrent connections while the limit is 250000. The connection table limit should be increased to ensure uninterrupted operation.

Manual Remediation Steps:

Upgrading to the GAIA OS can resolve the need to set a connection table limit. If you decide to remain on IPSO, however, consider the following:

In many cases, a sudden spike in connections has been attributed to a worm or misbehaving application. If you have ruled this out, consider the following solutions:

  1. Locate the maximum concurrent connections setting for the firewall (normally found in the object’s properties) and increase the value. The increase should be done gradually and with care as it will also increase the memory usage of the firewall.
  2. Turn on Aggressive Aging to have connections removed as quick as possible.
  3. In the SmartDashboard, go to Policy->Global Properties and in the Stateful Inspection tab reduce the TCP end timeout to 5 seconds. Please refer to the firewall’s user manual for more information on what the TCP end timeout is.

How does this alert work?

indeni tracks the number of entries in the connections table, using “fw tab connections -s”.

Leave a Reply