How Connections Table limit capacity behaves in CoreXL
||SecurePlatform, SecurePlatform 2.6, Gaia, IPSO 6.2, Crossbeam COS, Crossbeam XOS
|Platform / Model
- Aggressive Aging is activated in IPS profile, or new connections may be dropped for the reason that the Connections Table is full when a given CoreXL Firewall instance has far fewer connection entries than the Connections Table limit, or the 80% threshold to activate Aggressive Aging as seen in the output of '
fw ctl multik stat' command.
CoreXL cumulatively counts the number of connections across all running CoreXL Firewall instances. This counter value is used to enforce Aggressive Aging when it is activated, and when the Connection Table is full, based upon the Connections Table limit defined for the Security Gateway in SmartDashboard.
No fix is required; the system is functioning as designed.
CoreXL limits the Connections Table capacity to the value defined for the Security Gateway in SmartDashboard, and is not impacted by the number of running CoreXL Firewall instances.