Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 41 replies
  • Subscribers 2 subscribers
  • Views 121137 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Concurrent connections in UTM 9.312

stpfre
Hi,

after updating to the newest UTM Version 9.312-6, we noticed a constante rise of "concurrent connections", which stopped all our traffic last night, when the concurrent connections went up to 256000 and a "nf_conntrack: table full, dropping packet" message in the kernel.
Has anyone experienced the same problem or has an idea how to solve this?

Frank


This thread was automatically locked due to age.
Parents
  • 0
    Hi, Frank, and welcome to the User BB!

    You're the only one reporting this, so you probably will want to open a support case with Sophos.  Does a reboot help?

    Does, as root, 
    cc get packetfilter timeouts
     give the same result as follows?
    packetfilter->timeouts = {
    "ip_conntrack_generic_timeout" => 600,
    "ip_conntrack_icmp_timeout" => 30,
    "ip_conntrack_tcp_timeout_close" => 10,
    "ip_conntrack_tcp_timeout_close_wait" => 60,
    "ip_conntrack_tcp_timeout_established" => 86400,
    "ip_conntrack_tcp_timeout_fin_wait" => 120,
    "ip_conntrack_tcp_timeout_last_ack" => 30,
    "ip_conntrack_tcp_timeout_max_retrans" => 300,
    "ip_conntrack_tcp_timeout_syn_recv" => 60,
    "ip_conntrack_tcp_timeout_syn_sent" => 120,
    "ip_conntrack_tcp_timeout_time_wait" => 120,
    "ip_conntrack_udp_timeout" => 30,
    "ip_conntrack_udp_timeout_stream" => 180
    }

    Cheers - Bob
Reply
  • 0
    Hi, Frank, and welcome to the User BB!

    You're the only one reporting this, so you probably will want to open a support case with Sophos.  Does a reboot help?

    Does, as root, 
    cc get packetfilter timeouts
     give the same result as follows?
    packetfilter->timeouts = {
    "ip_conntrack_generic_timeout" => 600,
    "ip_conntrack_icmp_timeout" => 30,
    "ip_conntrack_tcp_timeout_close" => 10,
    "ip_conntrack_tcp_timeout_close_wait" => 60,
    "ip_conntrack_tcp_timeout_established" => 86400,
    "ip_conntrack_tcp_timeout_fin_wait" => 120,
    "ip_conntrack_tcp_timeout_last_ack" => 30,
    "ip_conntrack_tcp_timeout_max_retrans" => 300,
    "ip_conntrack_tcp_timeout_syn_recv" => 60,
    "ip_conntrack_tcp_timeout_syn_sent" => 120,
    "ip_conntrack_tcp_timeout_time_wait" => 120,
    "ip_conntrack_udp_timeout" => 30,
    "ip_conntrack_udp_timeout_stream" => 180
    }

    Cheers - Bob
Children
No Data