Lot of Session Clash on SSL VPN Traffic

Author
abalak
2020/03/24 07:16:08

Hi,
 
We found a lot of session clashes in the events. These session clashes are mostly on traffic from SSLVPN to internal, as we did NAT using the interface from the SSLVPN tunnel to internal. I know that session clash is caused by PAT exhaustion. But the concurrent sessions are no more than 4000, so how come the PAT is exhausted, since there are 60,416 available port numbers per IP?
Is there any impact caused by this clash? I found that some traffic from the VPN is dropped, but I am not sure whether it is caused by this clash or not.
========
diagnose sys session stat
misc info:       session_count=4621 setup_rate=14 exp_count=75 clash=69693
        memory_tension_drop=0 ephemeral=0/1114112 removeable=0
        npu_session_count=166
        nturbo_session_count=138
delete=14194, flush=26, dev_down=113/221 ses_walkers=0
TCP sessions:
         75 in NONE state
         997 in ESTABLISHED state
         4 in SYN_SENT state
         18 in SYN_RECV state
         21 in FIN_WAIT state
         65 in TIME_WAIT state
         30 in CLOSE state
         13 in CLOSE_WAIT state
firewall error stat:
error1=00000000
error2=0000994b
error3=00000000
error4=00000000
tt=00000000
cont=01c41e2a
ids_recv=0df477ce
url_recv=00000000
av_recv=02d895bb
fqdn_count=0000002b
fqdn6_count=00000000
global: ses_limit=0 ses6_limit=0 rt_limit=0 rt6_limit=0
========
 
 
Does anyone here have any ideas?