Cisco ESA Virtual appliance TLS limit

damirdukaric
Level 1

Hello,

We are planning to turn on TLS connections on all inbound/outbound messages. All we found is this information:

As a rough estimate, a single TLS connection requires the same amount of server resources as ten clear text conversations. The actual impact to your IronPort appliance will vary based on how many simultaneous TLS connections it must handle. To mitigate the performance impact, there is a limit to the number of TLS connections the IronPort appliance will allow. Currently the limit is 100 inbound and 100 outbound TLS connections.

Our question is, where and how can we increase this 100 inbound/outbound connection limit? Do we need to increase it after all?

Thank you.

br 

Damir

1 Reply

Libin Varghese
Cisco Employee

Hi,

Recommendation would be not to stray much from the default configuration to prevent high usage due to TLS connections.

In general, there are two different system wide TLS concurrency limits configured on the appliance: for inbound TLS you can find the maximum number of concurrent TLS connections in the global settings of the listener (GUI: Network > Listeners), and for outbound TLS you can review the delivery settings via Command Line Interface running the 'deliveryconfig > SETUP' command.

TLS connection limit exceeded warnings are generated by the appliance if the number of connections exceeds the current configuration. Connections made after the limit is exceeded would be treated as soft bounces, and hence they would automatically be delivered again once a connection is available.

Thank You!
Libin Varghese