Maximum sessions per host (1000) was exceeded (count=255)
PhilippeBkk
Posts: 13 Freshman Member
in Security
My log are currently full of warn message that indicate: Maximum sessions per host (1000) was exceeded (count=255)
This all come from external IP adresses (a lot of different IP, from a lot of different countries( pointing to my ISP fix IP adress. How bad it is and how can I fix that?
This all come from external IP adresses (a lot of different IP, from a lot of different countries( pointing to my ISP fix IP adress. How bad it is and how can I fix that?
0
All Replies
-
Hi @PhilippeBkk,
What’s your device model and firmware version?
Please make sure about following rules;
2- Enable security policy rule for WAN_to_Device under Policy Control menu
3- Choose which services you want to allow from External to Zyxel Device:
Configuration > Object > Service > Service Group > System Default Allow From WAN To ZyWALL
1 -
HEllo and many thanks for your comment and help
Firwmawere is latest and policy rules already enabled.
This problem appear only since last week
To block quicker I have made this rule but I am not sure if it helps
but log are still the same, full in few minutes mostly to the WAN of ISP10 -
PhilippeBkk,
To has a better protection. It's not a good ideal to allow access the DNS service on your firewall from Internet.
Also, for HTTP or HTTPs to access firewall management Web GUI should only allow access from a limited source IP addresses instead of open to all.
1 -
Thanks for the advice. Will do, But this is not related to my current issue isn't it?
(For testing I remove HTTP-HTTPS and DNS; still the same issue with log full in few minutes)
What I do not get it that, for my understanding, session host limit is supposed to regulate session of host, which I believe should be from internal of our network, in the idea of sharing the ressources and not one user taking all
I do not understand how an external IP is considered as host ? Apparently there is something I miss.
Also, is it a real issue to have all of this warning?
Last, if it is not an particular issue, still remain the fact it fill up my logs in minutes and I cannot find a way to remove those log warning. Is there a way?
Thanks in advance0 -
for my understanding, session host limit is supposed to regulate session of host, which I believe should be from internal of our network, in the idea of sharing the resources and not one user taking allI do not understand how an external IP is considered as host ?
I never change the session limit default settings so that won't think about this question.
After some testing on my ZyWALL110. Look like it check all the sessions no matter from LAN to Internet or Internet to ZyWALL/LAN will hit the limit.
Not sure what's Zyxel though of this design and use cases for Internet to LAN.
1 -
Thanks for your insight. I also never change it until 2 weeks ago when I started to have huge amount of logs0
-
Hi @PhilippeBkk, @zyman2008,
Session Control’s rules are dedicated to all hosts(internal/external).
This is the design of the Zyxel gateway. Zyxel device gives possibility to initiate sessions from external network.(e.g. SSH, DNS)
Thus, Default Session per Host was designed for general, not for only internal network.
You can apply individual limits for specific addresses as in the following screenshot;
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight