Author Topic: SSG 550 Resource Status - Yellow Sessions bar  (Read 4375 times)

mdsuser

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
SSG 550 Resource Status - Yellow Sessions bar
« on: March 21, 2010, 08:37:46 pm »
Hi

I have a Juniper SSG 550 with firmware version 6.0.0r3.0.

Since last week, on the Home page of the Juniper web interface under Resource Status, the sessions bar color is yellow - it says allocated 175360 and Maximum is 256064. I'm guessing that because the sessions has reached 70%.

My questions are:

1) What is a session?

2) How can I clear the session, if it's possible?

3) What happens when the sessions reached 100%?

4) Will my sessions keep increasing?


Thanks in advance for your help!!!!





mwdmeyer

  • Full Member
  • ***
  • Posts: 245
  • Karma: +0/-0
    • View Profile
    • Bluetrait
Re: SSG 550 Resource Status - Yellow Sessions bar
« Reply #1 on: March 21, 2010, 09:43:05 pm »
You can issue a "clear session all" from the command line, this will reset all connections across your firewall. So it might break any active SSH/Terminal Server sessions etc (Maybe FTP and downloads too) until you reconnect.

When you hit 100% of your sessions you will probably start experiencing connectivity issues or sessions being expired before they should be to allow the new sessions to connect.

You can easily limit the number of sessions in two ways:
1) You can setup a global zone session limit under Security -> Screening -> Screen -> "Source & Destination IP Based Session Limit"
2) You can setup a session limit per policy.

mdsuser

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Re: SSG 550 Resource Status - Yellow Sessions bar
« Reply #2 on: March 21, 2010, 10:36:01 pm »
Thanks for this reply

Applying a limit to the sessions or rebooting the firewall will not resolve this issue? Also if I limit the sessions, does that mean that some services/people won't be able to connect.

What i need to ascertain is

- Are there any ways to monitor what are the things contributing to the sessions?

- I'm still not sure what's the definition of a session? Is there a default timeout for a session?

- Is there any way to increase the sessions limit on the SSG 550?




mwdmeyer

  • Full Member
  • ***
  • Posts: 245
  • Karma: +0/-0
    • View Profile
    • Bluetrait
Re: SSG 550 Resource Status - Yellow Sessions bar
« Reply #3 on: March 21, 2010, 10:49:00 pm »
I don't believe there is a way to increase the SSG 550 session limit.

The SSG basically keeps track of all the connections going between it, each connection is a session. For example opening a telnet connection to a remote server would count as a session. P2P traffic can take thousands of sessions if there are lots of peers/seeds.

Have a look at this link:
http://www.juniperforum.com/index.php/topic,3656.0.html

You can use the program to tell you which IP addresses are using most of the sessions.

mdsuser

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Re: SSG 550 Resource Status - Yellow Sessions bar
« Reply #4 on: March 21, 2010, 10:49:13 pm »
Hi

Just wondering,

in the last couple of months i have created around 5 - 6 new custom TCP services for example SIP (5060) and I've configured the Timeout value for these services to Never

Do you think that might be contributing to the increase in the sessions?

This is just a pure guess, any expert answer would be appreciated!!!

Cheers

mdsuser

mwdmeyer

  • Full Member
  • ***
  • Posts: 245
  • Karma: +0/-0
    • View Profile
    • Bluetrait
Re: SSG 550 Resource Status - Yellow Sessions bar
« Reply #5 on: March 21, 2010, 10:50:08 pm »
Yes, you want a timeout! Otherwise the session is just going to stay there until you clear the sessions or reboot the device.

mdsuser

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Re: SSG 550 Resource Status - Yellow Sessions bar
« Reply #6 on: March 21, 2010, 10:55:40 pm »
Alright...thanks for that...I will change the timeout sessions this afternoon, and I will keep you posted. Hopefully that fixes the issue...


Thanks

mdsuser

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Re: SSG 550 Resource Status - Yellow Sessions bar
« Reply #7 on: March 22, 2010, 06:10:49 pm »
Sessions have gone down a little bit overnight, though the bar is still showing a warning yellow

Having changed the TimeOut values from Never to 30 mins for some services, I was hoping that would clear the sessions much more. Do you think I need to clear out the old sessions manually?