Session Utilization Full

[How to run the NSM GUI under Mac OS X]

How to run the NSM GUI under Mac OS X
How to setup a route-based VPN on a NetScreen
How to make your PPTP VPN client work through a NetScreen/SSG
Setting up a dial-up VPN and NetScreen Remote
How the Global Zone Works (It's probably not what you think)
How to configure NetScreen/SSG devices to work with the built in Mac OS X VPN client
How to Configure Dial-up VPN with route-based tunnels, XAuth, and use IPSecuritas

[biosphere]

Hi All,

Not sure whether you all have encounter this; lately i've been encounter our screenOS V5.3 have the issues of reaching the session utilization full very fast. just want seek confirmation on this from all of you, whether this is the screenOS problem or other problem. Has anybody enocuntered the same issue as mine ?, just would like to seek advice from all of you, any suggestion for this issue, thanks in advance.

[signal15]

Did you put in any custom services and set the session timeout to never?

I had a client make an "any" service with no timeout and permitted traffic to a host.  Someone portscanned the host, and it immediately used up all the sessions.  Check your services.

[biosphere]

Hi Signal15,

Thanks for your reply and advice. Just would like to seek your advice on this; for us currently we so have few custom services created, but it's not in use and we've set all timeout value to 30. btw, for your info, we do have and e-mail system running on MS exchange and AD, and we have a rule with particular high traffics which is the rule created for this exchange and AD traffics. (out of 4000+ session available, and AD and exchange traffics is using 2400+ and is increasing, and abt the AD port that's using, they are using RPC and the port range for that service is very large)

Do you think this is a MS exchange and AD connection bugs that caused this?, and just to seek your advice and suggestion, is there any solution we can try out to resolve this issue?

Your advice is very much apprecited, Thanks a lot in advance.

[signal15]

Can you run your session data through http://tools.juniper.net/fsa/

The timeout value is 30 on the exchange service object?  Can you double check that?  How many clients are accessing exchange at any given time?  Has it always been like this or did it just start doing it?

[joekim13]

it could be that those are legitimate session count and you just need a higher end box 

•      Forum/Home
•      Store
•      Articles
•        Tech Articles
•        Industry News
•        Site News
•      Knowledgebase
•        JUNOS/Routing
•        NS/ISG/SSG/NSM
•        SSL VPN
•      Downloads

Please consider donating if we've saved you time or money. It helps pay for the bandwidth, equipment, and hosting charges to keep this site running

Submit Article/KB - Do not submit questions here.

[Today]

• Screening Spam by Joe Vallender [Today at 07:03:09 AM]
• Intrazone Policies by mknll [Today at 06:34:20 AM]
• Two ISPs and one DMZ by mulopaari2 [Today at 06:21:05 AM]
• Problem logging into my n... by fujisan [Today at 04:51:24 AM]
• VPN to cisco pix with two... by Watcher60 [Today at 04:38:27 AM]
• www.nikeincome.com cheap ... by xu_zhongying100 [Today at 02:30:17 AM]
• www.nikeincome.com cheap ... by xu_zhongying100 [Today at 02:29:08 AM]
• www.nikeincome.com cheap ... by xu_zhongying100 [Today at 02:27:32 AM]
• sell nike jordan fusion ... by xu_zhongying100 [Today at 02:25:15 AM]
• sell nike jordan fusion ... by xu_zhongying100 [Today at 02:22:32 AM]

Members

• Total Members: 22514
• Latest: Deepy

Stats

• Total Posts: 40575
• Total Topics: 11249
• Online Today: 77
• Online Ever: 393
• (August 06, 2008, 07:40:57 AM)

Users Online

Users: 3
Guests: 62
Total: 65

federico.basso
mky2
Deepy