Number of concurrent connections shown in CPView Utility depends on the status of SecureXL
The command 'fwaccel stats' (counter "C total conns") shows the connections in SecureXL FWAccel module.
The command 'fw ctl pstat' (counter "Concurrent Connections") shows the connections in FW module.
CPView Utility is designed to show the actual number of connections that currently pass through the Security Gateway. This counter is adjusted according to which Check Point kernel module is handling the traffic:
- When SecureXL is enabled, CPView Utility shows the connections from the SecureXL FWAccel module (run the command 'fwaccel stats | grep "C total conns"')
- When SecureXL is disabled, CPView Utility shows the connections from the FW module (run the command 'fw tab -t connections -s' and refer to the #VALS column)
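For monitoring scripts that need the same figure CPView reports, the selection rule above can be written as the following shell sketch. It is an added example, not Check Point code. The function names and the sample outputs are constructed for illustration, and the simplified output layouts are assumptions (real layouts vary by version). Only the counter name "C total conns" and the #VALS column come from this article.

```shell
#!/bin/sh
# Constructed, simplified sample outputs (assumption: not captured from a gateway).
SAMPLE_FWACCEL_STATS='Name                  Value        Name                  Value
C total conns         1200         C TCP conns           1100'

SAMPLE_FW_TAB='HOST          NAME           ID #VALS #PEAK #SLINKS
localhost     connections  8158  1350  4200    2710'

# Read `fwaccel stats` text on stdin, print the "C total conns" value.
accel_total_conns() {
    sed -n 's/.*C total conns[[:space:]]\{1,\}\([0-9]\{1,\}\).*/\1/p' | head -n 1
}

# Read `fw tab -t connections -s` text on stdin, print the #VALS value.
# The column is located by its header name, not by a fixed position.
fw_table_vals() {
    awk '
        col == 0 { for (i = 1; i <= NF; i++) if ($i == "#VALS") col = i; next }
        $2 == "connections" { print $col; exit }
    '
}

# cpview_equivalent <on|off> <fwaccel-stats-text> <fw-tab-text>
# Picks the counter CPView would display for the given SecureXL state.
cpview_equivalent() {
    case "$1" in
        on)  printf '%s\n' "$2" | accel_total_conns ;;
        off) printf '%s\n' "$3" | fw_table_vals ;;
        *)   echo "usage: cpview_equivalent on|off STATS_TEXT TAB_TEXT" >&2
             return 2 ;;
    esac
}

# On a gateway the live text would be passed in, for example:
#   cpview_equivalent on "$(fwaccel stats)" "$(fw tab -t connections -s)"
```

When alerting on this value, record the SecureXL state alongside it, because a change of state switches the underlying counter and can look like a sudden jump or drop in connections.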
The difference in the number of connections when SecureXL is enabled or disabled is due to the fact that:
- SecureXL SIM module does not show certain connections - e.g., ClusterXL synchronization connections.
- FW module does not show certain connections - e.g., Delayed connections.
In addition, the big difference between the output of the 'fwaccel conns -s' command and the output of 'fwaccel stats | grep "C total conns"' is due to the fact that the command 'fwaccel conns -s' shows both Client-to-Server and Server-to-Client connections, while the command 'fwaccel stats | grep "C total conns"' compresses these connections into one connection.
No fix is required; the system is functioning as designed.
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.