We have a Cisco PIX Firewall (2.7, we think) that is limited to 256 connections from the inside to the outside.
We have occasionally seen it run out of connections. For a moment or two you just can't get out to your favorite web site. In the last few weeks it has gotten much worse, so much so that automated communications between servers on the inside and outside have been failing.

The problem appears to be that some web sites can open dozens of connections through the firewall before the user even clicks on anything. Also, some web sites seem to be able to hold the connection open long after the user has closed the window. The result is that 4 or 5 people looking at web sites can lock up all the capacity through the firewall.

We've set the expiration on the connections to 20 minutes, but any shorter and we will interfere with legitimate telnet sessions. Any ideas?
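A triage script for the situation described above, added here as an example; it is not part of the original post and is not Cisco tooling. It assumes the line layout of PIX `show conn` output (`TCP out A:port in B:port idle h:mm:ss Bytes n flags ...`), and the sample lines are constructed, not captured from the poster's firewall. It groups the live connections by inside host, so you can see which four or five workstations are holding the 256 slots, and then counts how many slots would be freed by a shorter idle limit applied only to web ports (80/443) versus the single 20-minute value, which leaves long-idle telnet sessions untouched. Whether the firewall can express such a per-port policy depends on its software version; the script only quantifies the gain.

```python
import re
from collections import Counter

# Constructed sample in the assumed shape of PIX `show conn` output.
# Host 10.1.1.5 is a browsing workstation; 10.1.1.9 has two idle telnet sessions.
SAMPLE_SHOW_CONN = """\
TCP out 192.0.2.10:80 in 10.1.1.5:1101 idle 0:00:03 Bytes 48210 flags UIO
TCP out 192.0.2.10:80 in 10.1.1.5:1102 idle 0:00:03 Bytes 1220 flags UIO
TCP out 192.0.2.10:80 in 10.1.1.5:1103 idle 0:04:51 Bytes 900 flags UIO
TCP out 192.0.2.11:80 in 10.1.1.5:1104 idle 0:12:30 Bytes 3100 flags UIO
TCP out 192.0.2.11:80 in 10.1.1.5:1105 idle 0:15:02 Bytes 880 flags UIO
TCP out 192.0.2.20:80 in 10.1.1.7:2001 idle 0:00:01 Bytes 5000 flags UIO
TCP out 192.0.2.20:443 in 10.1.1.7:2002 idle 0:07:45 Bytes 1500 flags UIO
TCP out 198.51.100.9:23 in 10.1.1.9:3001 idle 0:09:10 Bytes 640 flags UIO
TCP out 198.51.100.9:23 in 10.1.1.9:3002 idle 0:18:40 Bytes 210 flags UIO
TCP out 198.51.100.30:25 in 10.1.1.50:4001 idle 0:00:10 Bytes 20100 flags UIO
"""

# Assumed field order: proto, "out" ip:port, "in" ip:port, "idle" h:mm:ss.
CONN_RE = re.compile(
    r"^(?P<proto>TCP|UDP)\s+out\s+(?P<out_ip>[\d.]+):(?P<out_port>\d+)"
    r"\s+in\s+(?P<in_ip>[\d.]+):(?P<in_port>\d+)"
    r"\s+idle\s+(?P<idle>\d+:\d{2}:\d{2})"
)

CURRENT_TIMEOUT = 20 * 60          # the poster's global 20-minute conn timeout
WEB_IDLE_LIMIT = {80: 300, 443: 300}  # candidate: 5 minutes for HTTP/HTTPS only


def idle_seconds(hms):
    """Convert a PIX idle column (h:mm:ss) to seconds."""
    h, m, s = (int(x) for x in hms.split(":"))
    return h * 3600 + m * 60 + s


def parse_conns(text):
    """Parse `show conn` lines into dicts; lines that don't match are skipped."""
    conns = []
    for line in text.splitlines():
        m = CONN_RE.match(line.strip())
        if not m:
            continue
        conns.append({
            "proto": m["proto"],
            "in_ip": m["in_ip"],
            "out_ip": m["out_ip"],
            "out_port": int(m["out_port"]),
            "idle": idle_seconds(m["idle"]),
        })
    return conns


def conns_per_inside_host(conns):
    """Who is consuming the connection slots right now."""
    return Counter(c["in_ip"] for c in conns)


def reclaimable(conns, port_idle_limits, default_limit):
    """Count, per destination port, the connections that exceed the idle limit
    that would apply to them: a per-port limit where one is given, otherwise
    the default. These are the slots a tighter policy would hand back."""
    freed = Counter()
    for c in conns:
        limit = port_idle_limits.get(c["out_port"], default_limit)
        if c["idle"] > limit:
            freed[c["out_port"]] += 1
    return freed


def report(text):
    """Summary dict: total slots used, top inside hosts, slots freed under the
    current global timeout versus a web-only shorter limit."""
    conns = parse_conns(text)
    return {
        "total": len(conns),
        "top_hosts": conns_per_inside_host(conns).most_common(3),
        "freed_global_20min": reclaimable(conns, {}, CURRENT_TIMEOUT),
        "freed_web_5min": reclaimable(conns, WEB_IDLE_LIMIT, CURRENT_TIMEOUT),
    }


if __name__ == "__main__":
    for key, value in report(SAMPLE_SHOW_CONN).items():
        print(f"{key}: {value}")
```

In the constructed sample the global 20-minute timeout frees nothing, while a 5-minute limit restricted to ports 80 and 443 returns three of the ten slots and leaves both idle telnet sessions on port 23 alone. Run it against real `show conn` output by piping the capture into `parse_conns`, after checking that the column layout on your software version matches the regular expression.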