reaching Session Count Limit

cancel
Showing results for 
Search instead for 
Did you mean: 

reaching Session Count Limit

L1 Bithead

Hello,

 

what exactly happens when the firewall reaches the Session Count Limit? Discard the new sessions? and above all as regards the globalprotect VPNs are impacted?
In my scenario I have two 5250 PAs working in HA Active / Passive and corporate VPNs go through globalprotect, I was wondering what happens if the FW reaches the session limit.

 

Thanks in advance.

1 REPLY 1

Cyber Elite
Cyber Elite

Hi @porq91 ,

I haven't managed to fill up the whole session table for any of my devices, so I am not 100%, but I believe you are correct - if the table is completely full firewall will probably start discarding new sessions with reason "resource-unavailable".

 

However before this happen, the "Accelerated Aging" feature should kick in. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cly9CAC 

Basically if the session table utilization is above certain threshold, firewall will start aging out old session faster in attempt to free some space in the table.

 

Some interesting KBs about sessions and session timers.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVECA0

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRiCAK

 

 

 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!