Re: [H/W] Cisco pfSense Replacement?

Author	All Replies
sporkme drop the crantini and move it, sister Premium,MVM join:2000-07-01 Netcong, NJ	reply to MattE Re: [H/W] Cisco pfSense Replacement? said by MattE : Nowhere near the 10000 limit. I've never seen it higher than 800 states, with 2-4% CPU usage and like 4% memory. Something is amiss then if every client login causes 300 outbound connections and you don't peak over 800 states. Just a handful of logins should bring you near the 10K default max - the state entries linger a bit. It certainly wouldn't hurt to bump that up to 50K or so to see what happens while you wait on the new hardware.
	to forum · permalink · · 2008-05-20 13:57:00 ·
MattE Obama '08 Premium join:2003-07-20 Jamestown, NC ·North State Commun.. ·Corporate Colocation	said by sporkme : said by MattE : Nowhere near the 10000 limit. I've never seen it higher than 800 states, with 2-4% CPU usage and like 4% memory. Something is amiss then if every client login causes 300 outbound connections and you don't peak over 800 states. Just a handful of logins should bring you near the 10K default max - the state entries linger a bit. It certainly wouldn't hurt to bump that up to 50K or so to see what happens while you wait on the new hardware. It actually happened again today. I'm talking with our developer now and it appears there is "retry logic" in the code that retries in a 5 batch loop, INDEFINITELY, if there is any sort of error. I think that is triggering the outbound issue. I was on the FW when it happened today and the states were hovering around 450, then the firewall log went crazy blocking connections outbound to the same individual destination IP from 2 of our servers.
	to forum · permalink · · 2008-05-20 14:15:36 ·


Friday, 05-Sep 23:50:11	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 9 years online! © 1999-2008 dslreports.com. page compression OFF