Firewall connections table size for Security Gateway

Description

The default size of the firewall connections table per SGM is set automatically to the following values, regardless of the SmartDashboard configuration:

  • SGMs with 12G RAM: 3,500,000
  • SGMs with 24G RAM: 7,000,000

This behavior minimizes the additional settings that a customer must configure before deployment.

Note - Setting the maximum limit for concurrent connections to Automatically (in the SmartDashboard Gateway object > Capacity Optimization) is not supported.

Configuration

To set a different value instead of the default 3.5M/7M, run:

# fw ctl set int fwconn_tab_limit_user <new value, e.g. 4000000>
# update_conf_file fwkern.conf fwconn_tab_limit_user=<new value, e.g. 4000000>
# Install policy

Deactivation

To restore the legacy behavior and configure the firewall connections table size from SmartDashboard (Gateway Properties > Capacity Optimization > Maximum concurrent connections), run:

# update_conf_file fwkern.conf fwconn_tab_limit_from_policy=1
# reboot -b all

Verification

To verify the firewall connections table size, run:

# fw tab -t connections -m 1

Then check the limit attribute for each SGM.

Example

fw tab -t connections -m 1

1_01:
localhost:
-------- connections --------
dynamic, id 8158, attributes: keep, sync, aggressive aging, kbufs 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35, expires 25, refresh, limit 3500000, hashsize 4194304

1_02:
localhost:
-------- connections --------
dynamic, id 8158, attributes: keep, sync, aggressive aging, kbufs 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35, expires 25, refresh, limit 3500000, hashsize 4194304
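
The per-SGM check above can be scripted so that an SGM left at a different limit stands out. The following is an added example, not Check Point code: check_conn_limits and sample_fw_tab_output are hypothetical helper names, and the sample text is constructed from the output format shown above (kbufs list omitted, second limit altered).

```shell
#!/bin/sh
# Added example, not Check Point code. check_conn_limits is a hypothetical helper.
# Usage on a gateway: fw tab -t connections -m 1 | check_conn_limits 3500000
# Prints "<SGM> <limit> OK|MISMATCH|MISSING" per SGM; returns 1 if any is not OK.
check_conn_limits() {
    awk -v want="$1" '
        # Report the SGM collected so far, if any.
        function emit() {
            if (sgm == "") return
            if (limit == "")        { st = "MISSING";  bad = 1 }
            else if (limit != want) { st = "MISMATCH"; bad = 1 }
            else                    { st = "OK" }
            printf "%s %s %s\n", sgm, (limit == "" ? "-" : limit), st
        }
        # SGM header lines, as in the sample output: 1_01:
        /^[0-9]+_[0-9]+:[ \t]*$/ {
            emit()
            sgm = $1; sub(/:.*/, "", sgm); limit = ""
            next
        }
        # Attribute line: take the number that follows the word limit.
        match($0, /limit [0-9]+/) {
            limit = substr($0, RSTART + 6, RLENGTH - 6)
        }
        END { emit(); exit (bad ? 1 : 0) }
    '
}

# Constructed sample input: 1_02 deliberately carries a different limit.
sample_fw_tab_output() {
    cat <<'EOF'
1_01:
localhost:
-------- connections --------
dynamic, id 8158, attributes: keep, sync, aggressive aging, expires 25, refresh, limit 3500000, hashsize 4194304

1_02:
localhost:
-------- connections --------
dynamic, id 8158, attributes: keep, sync, aggressive aging, expires 25, refresh, limit 4000000, hashsize 4194304
EOF
}

# Demo run on the constructed sample.
sample_fw_tab_output | check_conn_limits 3500000 || echo "limit mismatch found"
```

A non-zero return status makes the helper usable as a post-change check after installing policy or rebooting.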
 
©2014 Check Point Software Technologies Ltd. All rights reserved.