Why connections count of ASA is much more than PA's ?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Why connections count of ASA is much more than PA's ?

L2 Linker

Hi,

 

I use V-Wire between ASA and core switch.

I found the connections count of ASA is much more than PA's.

Does anyone know how to explain about this ?

 

Thanks.

 01.jpg

 

1 accepted solution

Accepted Solutions

Cyber Elite
Cyber Elite

The asa may be counting the 'connections per second' while the PAN will show you 'number of concurrently active sessions'

 

for more details you can run '> show session info' from the CLI which may show you the packetrate may be closer to the details of the ASA:

 

 

> show session info
--------------------------------------------------------------------------------
Number of sessions supported:                    65534
Number of active sessions:                       20
Number of active TCP sessions:                   13
Number of active UDP sessions:                   7
Number of active ICMP sessions:                  0
Number of active BCAST sessions:                 0
Number of active MCAST sessions:                 0
Number of active predict sessions:               0
Session table utilization:                       0%
Number of sessions created since bootup:         1664505
Packet rate:                                     8/s
Throughput:                                      4 kbps
New connection establish rate:                   0 cps
--------------------------------------------------------------------------------

 

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

View solution in original post

3 REPLIES 3

Cyber Elite
Cyber Elite

Someone can correct me if I remember this incorrectly, however the way the two devices report are different. I beleive the way the ASA reports is by rule hits while the PAN uses Sessions. So the ASA may have more than the PAN. I recall this when purchasing the current PAN's and trying to size them appropriatly.

 

 

funny, i usually experience the contrary

Cyber Elite
Cyber Elite

The asa may be counting the 'connections per second' while the PAN will show you 'number of concurrently active sessions'

 

for more details you can run '> show session info' from the CLI which may show you the packetrate may be closer to the details of the ASA:

 

 

> show session info
--------------------------------------------------------------------------------
Number of sessions supported:                    65534
Number of active sessions:                       20
Number of active TCP sessions:                   13
Number of active UDP sessions:                   7
Number of active ICMP sessions:                  0
Number of active BCAST sessions:                 0
Number of active MCAST sessions:                 0
Number of active predict sessions:               0
Session table utilization:                       0%
Number of sessions created since bootup:         1664505
Packet rate:                                     8/s
Throughput:                                      4 kbps
New connection establish rate:                   0 cps
--------------------------------------------------------------------------------

 

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
  • 1 accepted solution
  • 5451 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!