The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
|
How Connections Table limit capacity behaves in CoreXL
|
Technical Level
|
| Solution ID |
sk35990 |
| Technical Level |
|
| Product |
CoreXL |
| Version |
All |
| OS |
SecurePlatform, SecurePlatform 2.6, Gaia, IPSO 6.2, Crossbeam COS, Crossbeam XOS |
| Platform / Model |
All |
| Date Created |
03-Oct-2008
|
| Last Modified |
23-May-2018
|
Symptoms
- Aggressive Aging is activated in IPS profile, or new connections may be dropped for the reason that the Connections Table is full when a given CoreXL Firewall instance has far fewer connection entries than the Connections Table limit, or the 80% threshold to activate Aggressive Aging as seen in the output of '
fw ctl multik stat' command.
Cause
CoreXL cumulatively counts the number of connections across all running CoreXL Firewall instances. This counter value is used to enforce Aggressive Aging when it is activated, and when the Connection Table is full, based upon the Connections Table limit defined for the Security Gateway in SmartDashboard.
Solution
No fix is required; the system is functioning as designed.
CoreXL limits the Connections Table capacity to the value defined for the Security Gateway in SmartDashboard, and is not impacted by the number of running CoreXL Firewall instances.
Related solutions:
