I think I've got my answer, actually 3 out of 4 Ironport were still with the version 6.5.0. The one which is in 6.5.3 displays 52 connections.
Here is what I found in the release Note for the 6.5.3 update
Fixed: LDAP Connections Greatly Exceed the Maximum Specified in the LDAP Server Profile Previously, LDAP connections greatly exceeded the maximum specified in the LDAP server profile. For example, if you set the maximum LDAP connection to 10, then the system would open 30 connections: 10 for the IronPort Spam Quarantine, 10 for the end-user quarantine, and 10 for the end-user quarantine UI. The fix reduced end-user quarantine and end-user quarantine UI connections to one each. Now, for example, if you set the maximum LDAP connection to 10, then the system opens only 12 connections: 10 for the IronPort Spam Quarantine, 1 for the end-user quarantine, and 1 for the end-user quarantine UI. Or if external authentication is enabled, then the system opens 22 connections: 10 for external
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...