Firewall connections table size for Security Gateway
Description
Firewall connections table default size per SGM is set automatically with the following values, regardless of SmartDashboard configuration:
- SGMs with 12G RAM: 3,500,000
- SGMs with 24G RAM: 7,000,000
This behavior is intended to minimize the additional settings that the customer must configure before deployment.
Note - setting the maximum limit for concurrent connections to Automatically (in the SmartDashboard Gateway object > Capacity Optimization) is not supported.
Configuration
To set a different value, instead of 3.5M/7M, run:
# fw ctl set int fwconn_tab_limit_user <new value, e.g. 4000000>
# update_conf_file fwkern.conf fwconn_tab_limit_user=<new value, e.g. 4000000>
# Install policy
Deactivation
To restore the legacy behavior and configure the firewall connections table size from SmartDashboard, run:
# update_conf_file fwkern.conf fwconn_tab_limit_from_policy=1
# reboot -b all
Verification
To verify firewall connections table size run:
# fw tab -t connections -m 1
Then check the limit attribute on each SGM.
Example
fw tab -t connections -m 1
1_01:
localhost:
-------- connections --------
dynamic, id 8158, attributes: keep, sync, aggressive aging, kbufs 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35, expires 25, refresh, limit 3500000, hashsize 4194304
1_02:
localhost:
-------- connections --------
dynamic, id 8158, attributes: keep, sync, aggressive aging, kbufs 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35, expires 25, refresh, limit 3500000, hashsize 4194304
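The check described under Verification can be scripted. The following is an added example, not part of the original article or of Check Point's tooling: it reads `fw tab -t connections -m 1` output and reports, per SGM, whether the limit attribute matches the expected value. The function names and the sample output (shortened kbufs list, second SGM deliberately different) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the "limit" attribute per SGM in the output of
# `fw tab -t connections -m 1`.

# check_conn_limit EXPECTED   (reads fw tab output on stdin)
# Prints "<sgm> <limit> OK|MISMATCH" for each SGM.
# Returns 1 if any SGM differs from EXPECTED or no limit line was found.
check_conn_limit() {
    awk -v want="$1" '
        # SGM header lines look like "1_01:"
        /^[0-9]+_[0-9]+:[ \t]*$/ { sgm = $1; sub(/:$/, "", sgm); next }
        /limit [0-9]+/ {
            lim = ""
            n = split($0, f, /[ ,]+/)
            # the value is the field right after the "limit" keyword
            for (i = 1; i < n; i++) if (f[i] == "limit") lim = f[i + 1]
            status = (lim == want) ? "OK" : "MISMATCH"
            if (status == "MISMATCH") bad = 1
            print (sgm == "" ? "unknown" : sgm), lim, status
            seen++
        }
        END { exit ((bad || seen == 0) ? 1 : 0) }
    '
}

# Constructed sample: same layout as the example output above, but with
# 1_02 showing a different limit, as if the new value did not reach that SGM.
sample_output() {
    cat <<'EOF'
1_01:
localhost:
-------- connections --------
dynamic, id 8158, attributes: keep, sync, aggressive aging, kbufs 18 19 20, expires 25, refresh, limit 3500000, hashsize 4194304
1_02:
localhost:
-------- connections --------
dynamic, id 8158, attributes: keep, sync, aggressive aging, kbufs 18 19 20, expires 25, refresh, limit 4000000, hashsize 4194304
EOF
}

sample_output | check_conn_limit 3500000 || echo "limit differs on at least one SGM"
```

On a gateway, pipe the real command into the function instead of the sample, for example `fw tab -t connections -m 1 | check_conn_limit 4000000` after setting fwconn_tab_limit_user to 4000000.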