Firewall connections table size for Security Gateway

Description

Firewall connections table default size per SGM is set automatically with the following values, regardless of SmartDashboard configuration:

• SGMs with 12G RAM: 3,500,000
• SGMs with 24G RAM: 7,000,000

This behavior aims to minimize the additional settings, required by customer before deployment.

Note - setting the maximum limit for concurrent connections to Automatically (in the SmartDashboard Gateway object > Capacity Optimization) is not supported.

Configuration

To set a different value, instead of 3.5M/7M, run:

# fw ctl set int fwconn_tab_limit_user <new value, e.g. 4000000>

# update_conf_file fwkern.conf fwconn_tab_limit_user=<new value, e.g. 4000000>

# Install policy

Deactivation

To restore legacy behavior and configure firewall connections table size, from SmartDashboard Gateway Properties > Capacity Optimization >Maximum concurrent connections, run:

# update_conf_file fwkern.conf fwconn_tab_limit_from_policy=1

# reboot -b all

Verification

To verify firewall connections table size run:

# fw tab -t connections -m 1

And check limit attribute in each SGM.

Example

fw tab -t connections -m 1

1_01:

localhost:

-------- connections --------

dynamic, id 8158, attributes: keep, sync, aggressive aging, kbufs 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35, expires 25, refresh, limit 3500000, hashsize 4194304

1_02:

localhost:

-------- connections --------

dynamic, id 8158, attributes: keep, sync, aggressive aging, kbufs 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35, expires 25, refresh, limit 3500000, hashsize 4194304