What is a Netscreen session? - Firewalls


Thread: What is a Netscreen session?

  1. What is a Netscreen session?

    We're going to be moving from an old Netscreen 10 to a nice new
    Netscreen 5 extended edition. Our current Netscreen 10 is running out
    of sessions and then dropping connections. Its session limit is listed
    as 4096 though 3700 something appears to be its real limit.

    We have less than 200 folks on at a time, so I'm curious what the
    Netscreen calls a "session". Even with a two minute session timeout,
    we're still running out of sessions.

    Are we going to be any better off with the Netscreen 5? It supposedly
    tops out at 4096 sessions also.

    Yes, I've looked for computers opening too many sessions like it is
    spamming but didn't find anything. It just seems like a client doesn't
    reuse the same session but instead is given a new one.

    Thanks.

    Dave


  2. Re: What is a Netscreen session?

    DaveInPNG wrote:

    > We're going to be moving from an old Netscreen 10 to a nice new
    > Netscreen 5 extended edition. Our current Netscreen 10 is running out
    > of sessions and then dropping connections. Its session limit is listed
    > as 4096 though 3700 something appears to be its real limit.
    >
    > We have less than 200 folks on at a time,


    200 machines/users is far too much for any SOHO box and a Netscreen 5 is a
    SOHO box.

    > so I'm curious what the
    > Netscreen calls a "session".


    Probably simply an entry in the state table.

    > Even with a two minute session timeout,
    > we're still running out of sessions.


    Which is absolutely normal if one takes into consideration that surfing can
    create 50 or more tcp connections per page.

    > Are we going to be any better off with the Netscreen 5? It supposedly
    > tops out at 4096 sessions also.


    No, for 200 machines/users you need a serious box, not a SOHO model.

    Wolfgang

    > Yes, I've looked for computers opening too many sessions like it is
    > spamming but didn't find anything.


    Just look at the HTML source of any web page and count the number of tcp
    connections a single page request will generate and then think again.

    > It just seems like a client doesn't
    > reuse the same session but instead is given a new one.


    which is just normal for tcp ...

    Wolfgang
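
Added example, not part of the thread: a small Python model of the point made in the reply above, that every new TCP connection takes its own state-table entry. The 200 users, 50 connections per page, two-minute timeout and 4096-entry limit come from the posts; the one-page-per-minute browsing rate and the rule that an entry is held until the timeout expires are assumptions.

```python
import heapq

def steady_state_entries(users, conns_per_page, page_interval_s, timeout_s):
    """Little's law: entries wanted = connection arrival rate * entry lifetime."""
    return users * conns_per_page * timeout_s // page_interval_s

def simulate(users, conns_per_page, page_interval_s, timeout_s,
             capacity=4096, duration_s=600):
    """Return (peak_entries, dropped_connections) for a fixed-size state table.

    Assumptions (not from the thread): each user loads one page every
    page_interval_s seconds, users are staggered evenly, and an entry is
    held until timeout_s after creation (worst case, no early teardown).
    """
    expiries = []              # min-heap of expiry times, one per live entry
    peak = dropped = 0
    for now in range(duration_s):
        # Age out entries whose timeout has passed.
        while expiries and expiries[0] <= now:
            heapq.heappop(expiries)
        # Users whose turn it is to load a page this second.
        loading = sum(1 for u in range(users)
                      if u % page_interval_s == now % page_interval_s)
        # Each connection uses a fresh source port, so it needs a new entry.
        for _ in range(loading * conns_per_page):
            if len(expiries) >= capacity:
                dropped += 1   # table full: the new connection is refused
            else:
                heapq.heappush(expiries, now + timeout_s)
        peak = max(peak, len(expiries))
    return peak, dropped

if __name__ == "__main__":
    # Figures from the thread, plus the assumed one page per minute.
    print("entries wanted:", steady_state_entries(200, 50, 60, 120))
    print("peak, dropped :", simulate(200, 50, 60, 120))
    # A much smaller site fits comfortably in the same table.
    print("small site    :", simulate(10, 5, 60, 120))
```
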
