08-27-2018 02:34 AM - edited 02-21-2020 08:09 AM
Hi,
I'm running FTD 6.2.3.3 (Build 76) and the 'show conn count' output now includes figures for the 'snort preserve-connection' feature which is enabled by default in 6.2.3. My output shows a figure of over 28M for enabled, and a similar figure for max-enabled. I've 100K connections through the device.
show conn cou
105257 in use, 135542 most used
Inspect Snort:
preserve-connection: 28096416 enabled, 251 in effect, 28096428 most enabled, 9306 most in effect
The enabled figure constantly rises, e.g. last week it was 19M and the max-enabled was about 19M also. Can anyone tell me if that enabled figure is correct or is there a potential bug?
Regards,
Piaras Walsh
08-27-2018 03:49 AM
11-05-2018 09:20 PM
@Mohammed al Baqari, I just want to ask because I have an issue regarding constant SNORT CPU high utilization and the TAC said it is somehow related to this snort preserved-connection. Do you have any previous experience where the CPU goes high when there are a lot of preserved-connections? Thanks
11-05-2018 09:46 PM
Hi, check with TAC; maybe you are hitting the bug below. It is not visible to customers.
CSCvj83264
HTH
ABHEESH