This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Concurrent Connections - what happens when you hit the limit

Hi all,

I have recently upgraded my Astaro 6.311 to 7.009 and I can see that there is a major reduction on the allowed concurrent connections from 32000 to 1000.

Does anyone knows what happens when you hit the concurrent connections limit ? Will the traffic then just be queued which then for example could result in high ping times / lag when I am gaming ?

Kind regards,
Lars-Heine


This thread was automatically locked due to age.
Parents
  • You must be using a home license...

    After you hit the connection limit, new connections are refused until the old ones time out / go away.  Most home users (and indeed, small businesses I service as well) never get near the limit... I have heard those folks using file sharing programs do sometimes, however.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • Thanks for your answer BrucekConvergent. I'm already returning to Astaro 6.311 as the 1000 is not enough for me apparantly.

    I have tried to run on 7.009 with the 1000 but I am over the limit often, so that's no good. What a bugger - I really really really like the anti-spam in v7 as it filters most of the spam for my domain.

    Thanks,
    Lars-Heine
  • The equivalent commercial license, a 10 User ASL license, ups the concurrent connections to 32,000 connections... I feel safe in assuming this is to keep people from using a free home license for commercial purposes (which I have caught some customers trying to do with other products before).

    Unfortunately, I think many peer to peer services (like BitTorrent, etc.) trigger many inbound connection attempts, using up the 1000 connection limit pretty fast... I'm not sure what could be changed to improve the situation, without Astaro running the risk of having some users violating their home license user agreements by using their system for business or commercial purposes.  Just regular web surfing, email traffic, IM, etc. that home users normally use on a day to day basis shouldn't exceed a 1000 connection limit... however, hosting a web site, etc. could.  I know I really don't go over 100 with 2 people on at home.. and have several customers with 50 employees that never go above 300 or so at a time... but we block Peer to Peer networks etc. as a matter of good business practice.

    As far as the connection timeout period (for "abandoned" connections), I'm really not sure what that timeout would be.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • I can't imagine how 1000 connections isn't enough for home use. If the high connection count is caused by P2P apps, perhaps those connection limits need to be significantly reduced. Here are some peak connection counts for some of our production firewalls:

    1. A handful of lightly used web servers, mail servers, a dozen users (including a bittorrent client). Max 1.25k connections over the past day. Biggest peak is 3.15k.
    2. Medium load web site peaks at 15k connections.
    3. Light load web site peaks at 4k connections.
    4. Light web site, mail server and 150 users peaks around 25k (likely when some P2P apps were being used).

    I imagine that upping the limit to 1500-2000 connections would keep most P2P situations happy for home users as long as they configure them properly to keep the number of connections down.
  • My experience with all sorts of different customer sites concurs with dree's personal experience...

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Reply
  • My experience with all sorts of different customer sites concurs with dree's personal experience...

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Children
No Data