What is the 'Session metering: sessions throttled by management session threshold' on drop count?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

What is the 'Session metering: sessions throttled by management session threshold' on drop count?

L4 Transporter

Hello,

I am testing about VM-FW on ESXi environment.

But Traffic from VMs don't go through Internet.

There is VM-FW between VMs and Internet.

So I have checked PCAP and packet filtering.

I have seen all packet drop.

Drop count name is 'flow_meter_host_throttle '

This count description is 'Session metering: sessions throttled by management session threshold'

What is this count?

And How way does this problem resolve?

Thanks

1 accepted solution

Accepted Solutions

L4 Transporter

The low session limit is caused by not having a VM series license installed.  When the VM does not have a license installed a small amount of sessions are allowed for initial configuration and testing purposes.  Once a valid VM series license is applied the appropriate session limits will be enforced based on the capacity of the license.

Verify on the Device tab -> Licenses that an auth code has been applied.

There was an issue in PAN-OS 5.0.0 where a VM series without a license applied would not allow any sessions to be created at all.  This issue was fixed in a later maintenance release.

View solution in original post

5 REPLIES 5

L4 Transporter

'flow_meter_host_throttle ' - This means that the system is out of sessions and is dropping them due to the session table being full.

No new sessions would be created under such circumstances. You can check the output of -

>"show session meter"  to verify the same.

Thanks, harshanatarajan.

'show session meter' cli command output as below

admin@PA-VM> show session meter

--------------------------------------------------------------------------------

VSYS          Maximum         Current       Throttled

--------------------------------------------------------------------------------

1                 200               0               0

--------------------------------------------------------------------------------

admin@PA-VM>

Hello Cheon,

This output means,

1. This firewall can support max 200 active concurrent session.

2. There are no active session at this point of time.

3. There is no session table overflow ( the system is out of sessions and is dropping them due to the session table being full )

You can apply below mentioned command to verify  System Limits.

>show system state filter cfg.general.max*

How to Display System Limits

Thanks

Is the 'flow_meter_host_throttle ' counter continuously incrementing ?

Can you paste the output of show session info when the issue is happening.

L4 Transporter

The low session limit is caused by not having a VM series license installed.  When the VM does not have a license installed a small amount of sessions are allowed for initial configuration and testing purposes.  Once a valid VM series license is applied the appropriate session limits will be enforced based on the capacity of the license.

Verify on the Device tab -> Licenses that an auth code has been applied.

There was an issue in PAN-OS 5.0.0 where a VM series without a license applied would not allow any sessions to be created at all.  This issue was fixed in a later maintenance release.

  • 1 accepted solution
  • 6264 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!