07-17-2006 10:41 AM - edited 03-09-2019 03:36 PM
Hello,
I am trying to get an idea of a recommended value for the embryonic sessions limit (TCP intercept) number for the nat and static statements on the FWSM. Any number between 0-65535 can be set, with the limit defaulting to 0 (unlimited embryonic sessions). In my mind, any number over 100 is excessive. Two hosts should be able to establish the three-way handshake in a stable environment with well under 100 different attempts to send a packet with the SYN flag set in the TCP header. Has anyone else had experience with a 'good, safe' number to set the embryonic sessions limit? What impact is there, if any, on the FWSM memory consumption while acting as a connection proxy between two hosts?
Thanks for your time.
-m2
07-17-2006 12:33 PM
It really depends on the server, but usually I find 100 is enough. The only exceptions I've found are proxy servers, etc., where the firewall separates them from clients; there, 500 does the job.
I suggest setting it high (500), using "show local" to gauge a normal number of connections, and then setting it to, say, 10 percent of that. If you get it wrong, the log will tell you.
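The sizing procedure above (gauge the normal per-host connection count, take roughly 10 percent of it, then watch the log for limit-exceeded messages), worked through as an added Python example that is not part of this thread or of any Cisco tool. The "show local-host" output and the syslog lines are constructed samples; their layout follows the PIX/FWSM-style format and the 201010 "Embryonic connection limit exceeded" message as assumed here, so the regular expressions may need adjusting to the exact release. The 10 percent fraction is Grant's; the floor of 10 is an assumption added so that a small baseline never rounds down to 0, which on the FWSM means unlimited and would silently switch TCP intercept off for that host.

```python
import re

# Constructed "show local-host" output (layout assumed; hosts and counters made up).
SAMPLE_SHOW_LOCAL_HOST = """\
Interface inside: 3 active, 3 maximum active, 0 denied
local host: <192.168.10.20>,
    TCP connection count/limit = 412/unlimited
    TCP embryonic count = 37
    TCP intercept watermark = unlimited
    UDP connection count/limit = 3/unlimited
local host: <192.168.10.21>,
    TCP connection count/limit = 1980/unlimited
    TCP embryonic count = 210
    TCP intercept watermark = unlimited
    UDP connection count/limit = 0/unlimited
local host: <192.168.10.30>,
    TCP connection count/limit = 4/unlimited
    TCP embryonic count = 0
    TCP intercept watermark = unlimited
    UDP connection count/limit = 1/unlimited
"""

# Constructed syslog lines; message text assumed to follow the PIX/ASA-style
# 201010 "Embryonic connection limit exceeded <seen>/<limit>" format.
SAMPLE_SYSLOG = [
    "%FWSM-3-201010: Embryonic connection limit exceeded 120/100 for input packet "
    "from 203.0.113.5/40211 to 192.168.10.21/80 on interface outside",
    "%FWSM-6-302013: Built inbound TCP connection 1234 for outside:203.0.113.9/50001 "
    "(203.0.113.9/50001) to inside:192.168.10.20/80 (192.168.10.20/80)",
]

EMB_LIMIT_MAX = 65535   # top of the configurable range on the nat/static statements
EMB_LIMIT_UNLIMITED = 0  # the default; 0 disables the limit rather than forbidding SYNs


def parse_local_hosts(text):
    """Return {host: {"conns": n, "embryonic": n}} from show local-host text."""
    hosts = {}
    current = None
    for line in text.splitlines():
        m = re.match(r"local host: <([\d.]+)>", line.strip())
        if m:
            current = m.group(1)
            hosts[current] = {"conns": 0, "embryonic": 0}
            continue
        if current is None:
            continue
        m = re.search(r"TCP connection count/limit = (\d+)/", line)
        if m:
            hosts[current]["conns"] = int(m.group(1))
        m = re.search(r"TCP embryonic count = (\d+)", line)
        if m:
            hosts[current]["embryonic"] = int(m.group(1))
    return hosts


def recommend_emb_limit(observed_conns, percent=10, floor=10):
    """Embryonic limit as a percentage of the observed connection count.

    Integer arithmetic avoids float rounding surprises; the floor keeps the
    result above 0 because 0 means 'unlimited', and the ceiling is the
    largest value the statement accepts.
    """
    limit = observed_conns * percent // 100
    limit = max(floor, limit)
    return min(limit, EMB_LIMIT_MAX)


def recommend_limits(show_local_host_text, percent=10, floor=10):
    """Map each host in the show local-host output to a proposed limit."""
    return {
        host: recommend_emb_limit(stats["conns"], percent, floor)
        for host, stats in parse_local_hosts(show_local_host_text).items()
    }


EXCEEDED_RE = re.compile(
    r"Embryonic connection limit exceeded (\d+)/(\d+) .* to ([\d.]+)/\d+"
)


def limit_exceeded_events(log_lines):
    """Return (host, seen, limit) for every limit-exceeded message in the log.

    A host that shows up here repeatedly under normal load has a limit set
    too low; one that shows up only during a SYN burst is the limit working.
    """
    events = []
    for line in log_lines:
        m = EXCEEDED_RE.search(line)
        if m:
            events.append((m.group(3), int(m.group(1)), int(m.group(2))))
    return events


if __name__ == "__main__":
    for host, limit in sorted(recommend_limits(SAMPLE_SHOW_LOCAL_HOST).items()):
        print(f"{host}: proposed embryonic limit {limit}")
    for host, seen, limit in limit_exceeded_events(SAMPLE_SYSLOG):
        print(f"{host}: limit {limit} hit with {seen} embryonic sessions, review")
```

Run it against a saved copy of the real output and a syslog export; the hosts flagged by the log check are the ones whose proposed value should be raised (or, if the bursts are unsolicited SYNs from the outside, left where it is).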
07-17-2006 12:44 PM
Grant,
Thanks for your reply and suggestions.
-m2