Controllerless Networks


How to know feature active firewall session is enough for organization

  • 1.  How to know feature active firewall session is enough for organization

    Posted May 12, 2022 10:54 AM
    Hi 
    In the datasheet, the Aruba 7000 series controller has a feature of 64k active firewall sessions. I want to know how many concurrent active sessions there are. What command or web interface menu shows the concurrent active firewall sessions in real time?

    Best Regards 
    Nattaphoom

    ------------------------------
    Nattaphoom Kangsri
    ------------------------------


  • 2.  RE: How to know feature active firewall session is enough for organization

    EMPLOYEE
    Posted May 19, 2022 11:40 AM
    Easiest is the show datapath session counters command:
    (md7010) #show datapath session counters
    
    +----+-------+-----------------------------------------------------+
    |SUM/|       |                                   |                 |
    |CPU |  Addr | Description                                   Value |
    +----+-------+-----------------------------------------------------+
    |    |       |                                                     |
    | G  | [000] | Current Entries                                1800 |
    | G  | [001] | High Water Mark                                5076 |
    | G  | [002] | Maximum Entries                               65536 |
    | G  | [003] | First packet classified entries             7959502 |
    | G  | [004] | First packet classification mismatc         1481180 |
    | G  | [005] | Total Entries                             108259402 |
    | G  | [007] | Duplicate Entries                                 4 |
    | G  | [009] | Current Max link length                           3 |
    | G  | [010] | Max link length                                   6 |
    | G  | [011] | Collision list with link len 0                  906 |
    | G  | [012] | Collision list with link len 1                  102 |
    | G  | [013] | Collision list with link len 2                  102 |
    | G  | [014] | Collision list with link len 3                    1 |
    | G  | [032] | Entries used in link len calc                  1111 |
    | G  | [033] | Stale Entries                                   266 |
    | G  | [034] | Aged Entries                              104366806 |
    | G  | [041] | Pending Delete Entries                          479 |
    | G  | [048] | DPI Info Tbl Idx Mismatch                         2 |
    | G  | [049] | DPI Info Tbl Idx Overwritten                      2 |
    | G  | [052] | DPI Info Tbl Idx Freed for rev                    2 |
    | G  | [058] | DPI Tbl Idx Alloc                          56831859 |
    | G  | [059] | DPI Tbl Idx Free                           56830947 |
    +----+-------+-----------------------------------------------------+

    The first three lines are relevant: in this example you see 1800 active sessions, where the peak value was 5076 and the max is 64k (65536). If the peak/high water mark is below the maximum, you are good.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------
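
The check described in the reply above, as an added example that is not part of the original posts or Aruba's own tooling: it parses saved `show datapath session counters` output and compares the high water mark with the maximum. The sample rows are constructed from the values quoted in the thread, and `warn_pct` is an assumed early-warning threshold.

```python
import re

# Constructed sample in the layout of the output quoted in the thread.
SAMPLE = """
+----+-------+-----------------------------------------------------+
|CPU |  Addr | Description                                   Value |
+----+-------+-----------------------------------------------------+
| G  | [000] | Current Entries                                1800 |
| G  | [001] | High Water Mark                                5076 |
| G  | [002] | Maximum Entries                               65536 |
| G  | [011] | Collision list with link len 0                  906 |
+----+-------+-----------------------------------------------------+
"""

# One counter row: | SUM/CPU | [addr] | description  value |
ROW = re.compile(r"^\s*\|[^|]*\|\s*\[(\d+)\]\s*\|\s*(.+?)\s+(\d+)\s*\|\s*$")

def parse_counters(text):
    """Map each counter description to its integer value; skip borders and headers."""
    counters = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            counters[m.group(2)] = int(m.group(3))
    return counters

def session_headroom(text, warn_pct=80.0):
    """Summarise session-table usage. warn_pct is an assumed early-warning
    threshold, not a value from the thread or from Aruba documentation."""
    c = parse_counters(text)
    missing = [k for k in ("Current Entries", "High Water Mark", "Maximum Entries") if k not in c]
    if missing:
        raise ValueError(f"counter rows not found: {missing}")
    cur, peak, cap = c["Current Entries"], c["High Water Mark"], c["Maximum Entries"]
    if cap <= 0:
        raise ValueError("Maximum Entries must be positive")
    peak_pct = round(100 * peak / cap, 1)
    return {
        "current": cur, "peak": peak, "maximum": cap,
        "current_pct": round(100 * cur / cap, 1),
        "peak_pct": peak_pct,
        "peak_below_max": peak < cap,      # the rule given in the reply above
        "warn": peak_pct >= warn_pct,      # assumed margin before the table fills
    }

if __name__ == "__main__":
    print(session_headroom(SAMPLE))
```
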



  • 3.  RE: How to know feature active firewall session is enough for organization

    Posted May 20, 2022 02:12 AM
    Hi Herman Robers

    Thank you for your answer. I have one question: is the session count shown in your command capture only for the active firewall feature, or is it the overall session count in the firewall?

    Do you have a document describing the output parameters of 'show datapath session counters', like the capture below?


    ------------------------------
    Nattaphoom Kangsri
    ------------------------------



  • 4.  RE: How to know feature active firewall session is enough for organization

    EMPLOYEE
    Posted May 20, 2022 10:08 AM
    I'm not sure if I have ever seen such an overview. However, for the current/high/max sessions you can replace tunnels by firewall sessions to get a proper description of the value. Typically I don't use these other numbers; they may be relevant for troubleshooting, and Aruba Support knows how to interpret them.

    ------------------------------
    Herman Robers
    ------------------------------