01-04-2017 03:47 AM - edited 03-12-2019 01:43 AM
Hello All,
We have Cisco ASA in production environment on which i see the connection count more than 300000 which is more than usual which we observe.
Kindly let me know is this normal or is there any way to reduce it.
Also if i clear the connection is that going to reduce the number of connections.
Thanks
01-04-2017 10:06 AM
The number of connection solely depends on your workload. 300k sessions sounds kinda high but you might want to check the connection table for idle sessions (maybe you have configured a service-policy to set tcp timeouts > 60 minutes which might explain why many sessions are still open that should already be closed).
Writing a small script to check which hosts got the most sessions open might help determine where all the open connections are coming from.
In any case you could try clearing your connection table using clear conn and observe the growth. Keep in mind that your tcp sessions will be closed and must be re-opened!
01-04-2017 10:28 PM
Thanks for the reply,
In our case we have a Web Server and the number of Active Users accessing the Server simultaneously are around 15-18k...so in that case is it normal to have such connections?
I did cleared the connections however after 15-20 mins it crossed the 300k mark again.
Kindly suggest next step?
Thanks for your help.
01-04-2017 10:45 PM
Stats:
CiscoASA# show threat-detection rate scanning-threat
Average(eps) Current(eps) Trigger Total events
10-min Scanning: 43 44 25253 26110
1-hour Scanning: 39 44 54649 142715
01-07-2017 03:02 AM
The number of connection solely depends on your workload. 300k sessions sounds kinda high but you might want to check the connection table for idle sessions (maybe you have configured a service-policy to set tcp timeouts > 60 minutes which might explain why many sessions are still open that should already be closed).
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide