what exactly happens when the firewall reaches the Session Count Limit? Discard the new sessions? and above all as regards the globalprotect VPNs are impacted?
In my scenario I have two 5250 PAs working in HA Active / Passive and corporate VPNs go through globalprotect, I was wondering what happens if the FW reaches the session limit.
Thanks in advance.
Hi @porq91 ,
I haven't managed to fill up the whole session table for any of my devices, so I am not 100%, but I believe you are correct - if the table is completely full firewall will probably start discarding new sessions with reason "resource-unavailable".
However before this happen, the "Accelerated Aging" feature should kick in. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cly9CAC
Basically if the session table utilization is above certain threshold, firewall will start aging out old session faster in attempt to free some space in the table.
Some interesting KBs about sessions and session timers.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!