09-04-2013 09:10 PM
Hello,
I am testing a VM-FW in an ESXi environment.
But traffic from the VMs doesn't go through to the Internet.
There is a VM-FW between the VMs and the Internet.
So I have checked PCAP and packet filtering.
I have seen all packets dropped.
The drop count name is 'flow_meter_host_throttle'.
The count description is 'Session metering: sessions throttled by management session threshold'.
What is this count?
And how can this problem be resolved?
Thanks
09-04-2013 09:26 PM
'flow_meter_host_throttle' - This means that the system is out of sessions and is dropping them due to the session table being full.
No new sessions would be created under such circumstances. You can check the output of the following command to verify the same:
> show session meter
09-04-2013 09:43 PM
Thanks, harshanatarajan.
The 'show session meter' CLI command output is as below:
admin@PA-VM> show session meter
--------------------------------------------------------------------------------
VSYS    Maximum    Current    Throttled
--------------------------------------------------------------------------------
1       200        0          0
--------------------------------------------------------------------------------
admin@PA-VM>
09-04-2013 09:52 PM
Hello Cheon,
This output means:
1. This firewall can support a maximum of 200 active concurrent sessions.
2. There are no active sessions at this point in time.
3. There is no session table overflow (the system is out of sessions and is dropping them due to the session table being full).
You can use the command below to verify system limits:
> show system state filter cfg.general.max*
Thanks
09-04-2013 10:28 PM
Is the 'flow_meter_host_throttle' counter continuously incrementing?
Can you paste the output of show session info when the issue is happening?
09-04-2013 10:56 PM
The low session limit is caused by not having a VM series license installed. When the VM does not have a license installed a small amount of sessions are allowed for initial configuration and testing purposes. Once a valid VM series license is applied the appropriate session limits will be enforced based on the capacity of the license.
Verify on the Device tab -> Licenses that an auth code has been applied.
There was an issue in PAN-OS 5.0.0 where a VM series without a license applied would not allow any sessions to be created at all. This issue was fixed in a later maintenance release.
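The check discussed in this thread can be scripted. The following is an added example, not part of any post above and not vendor code: it parses the 'show session meter' table and flags a vsys that is throttling, near its limit, or running with a very low session ceiling such as the 200 shown here. The function names, the second sample capture and the low_max and near_full thresholds are assumptions chosen for illustration.

```python
import re

# First table: the output posted in this thread.
THREAD_OUTPUT = """\
--------------------------------------------------------------------------------
VSYS Maximum Current Throttled
--------------------------------------------------------------------------------
1 200 0 0
--------------------------------------------------------------------------------
"""
# Second table: constructed sample showing a full table with throttling.
CONSTRUCTED_BUSY = """\
--------------------------------------------------------------------------------
VSYS Maximum Current Throttled
--------------------------------------------------------------------------------
1 200 200 57
--------------------------------------------------------------------------------
"""

# A data row is exactly four integers; rulers, header and prompts do not match.
ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_session_meter(text):
    """Return one dict per vsys row found in the CLI output."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            vsys, maximum, current, throttled = map(int, m.groups())
            rows.append({"vsys": vsys, "maximum": maximum,
                         "current": current, "throttled": throttled})
    return rows

def assess(rows, low_max=1000, near_full=0.9):
    """Flag each vsys. low_max and near_full are assumed thresholds, not vendor values."""
    findings = []
    for r in rows:
        flags = []
        if r["throttled"] > 0:
            flags.append("throttled")
        if r["maximum"] and r["current"] / r["maximum"] >= near_full:
            flags.append("near-limit")
        if r["maximum"] <= low_max:
            flags.append("low-maximum")  # worth checking the license state
        findings.append((r["vsys"], flags))
    return findings

if __name__ == "__main__":
    for name, text in (("thread", THREAD_OUTPUT), ("constructed", CONSTRUCTED_BUSY)):
        print(name, assess(parse_session_meter(text)))
```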