Log: Maximum sessions per host (1000) was exceeded (From 127.0.0.1 TO 127.0.0.1)

MStil
MStil Posts: 1
edited April 2021 in Security
Hello all,

I receive loads of log messages that say that Maximum sessions per host (1000) was exceeded on an ATP200 device. Source and destination are both localhost (127.0.0.1). I know how to increase the number of sessions, but I don't think this is normal behaviour for the firewall.

Is that resolvable?

All Replies

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,039  Zyxel Employee

    Could you send me screenshots of those log messages via private message?
    (You can navigate to Monitor > Log in the Web GUI and take a screenshot.)
    I would like to know if those messages are normal.
    Thanks.

  • VVF
    VVF Posts: 4
    We have the same error message on AT200.
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,039  Zyxel Employee

    Hi @MStil

    The device synchronizes with the cloud server to keep the security signatures up to date, update NTP, and query the cloud database for more complete security prevention. Normally the session number won't exceed 1000. Do you have an additional firewall/router in front of the device which may drop those sessions initiated by the USG? Or you can enlarge (or unlimit) the session limit on the device so that the error log won't appear again.

    First, add an address object for the localhost IP 127.0.0.1.

    Configuration > Object > Address/Geo IP > Address > Add an address for localhost.

    Configuration > Security > Session Control > Add a session limit rule for localhost

    You can enlarge the "Session Limit per Host" number or set it to "0" (unlimited).

  • VVF
    VVF Posts: 4
    Yes, after making these settings, these errors disappeared, but others appeared.

    SSL traffic scanning is enabled in one rule for only one user, and his Internet access is "frozen" for different sites.
  • PeterUK
    PeterUK Posts: 2,655  Guru Member
    Do you use any UTM? Maybe try disabling them.

  • Zyxel_Tobias
    Zyxel_Tobias Posts: 200  Zyxel Employee
    Hi @VVF

    This looks different, and like a memory leak. May I help you by e-mail? Just let me know and I'll create a support ticket to look into it. We can try to fix it temporarily with a config change while working on a solution so that it doesn't run out of memory.

    Kind Regards,

    Tobias
  • VVF
    VVF Posts: 4
    OK! Your Russian colleagues have already tortured me with requests to carry out various tests on our working equipment, but there is still no result.

    Can you help?

  • Zyxel_Tobias
    Zyxel_Tobias Posts: 200  Zyxel Employee
    Hi @VVF

    I can see the ticket, and they are already working with a higher-level team than you can reach through the forum.

    So as soon as our development team gets all the needed test info, I'm sure we can figure out the issue and fix it.

    Thanks for understanding.

    Have a good weekend.

    Kind Regards,

    Tobias
  • sasch
    sasch Posts: 9
    Hi,

    I have a similar issue with my NAS (10.0.1.5)... this entry appears in the log even if there are very few sessions on the device (USG110)...   67 / 150000

    4 2021-04-22 14:07:35 warn Sessions Limit Maximum sessions per host (1000) was exceeded. [count=85] 10.0.1.5 10.0.1.1 ACCESS BLOCK

    Any idea?

    Maybe the QNAP cloud service?!
    An issue with custom DNS / IPv6 prefix delegation?!
    Or a problem with the implementation of the session counter itself...
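
An added example, not part of any post in this thread and not Zyxel code: a small Python triage script that groups "Sessions Limit" warnings by source address and flags loopback sources, so entries generated by the device itself (127.0.0.1) can be told apart from those caused by a LAN host such as the NAS. The field layout is inferred from the single log line quoted above, and treating `[count=N]` as a repeat counter is an assumption; all sample lines except the first are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Layout inferred from the one log line quoted in the post above (assumption):
# index, date, time, priority, category, message, [count=N], source, destination.
LINE_RE = re.compile(
    r"^\s*\d+\s+(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\w+\s+Sessions Limit\s+"
    r"Maximum sessions per host \((?P<limit>\d+)\) was exceeded\.?\s+"
    r"(?:\[count=(?P<count>\d+)\]\s+)?(?P<src>\S+)\s+(?P<dst>\S+)"
)

def summarize(lines):
    """Aggregate session-limit warnings per source address."""
    hosts = defaultdict(lambda: {"events": 0, "limit": 0, "first": None,
                                 "last": None, "loopback": False})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # some other log category
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # malformed or truncated source field
        h = hosts[str(src)]
        # Assumption: [count=N] is a repeat counter for identical entries.
        h["events"] += int(m["count"] or 1)
        h["limit"] = int(m["limit"])
        h["first"] = min(h["first"] or m["ts"], m["ts"])
        h["last"] = max(h["last"] or m["ts"], m["ts"])
        h["loopback"] = src.is_loopback
    return dict(hosts)

# Constructed sample: the first line is the entry from the post, the rest are made up.
SAMPLE = [
    "4 2021-04-22 14:07:35 warn Sessions Limit Maximum sessions per host (1000) was exceeded. [count=85] 10.0.1.5 10.0.1.1 ACCESS BLOCK",
    "5 2021-04-22 14:09:02 warn Sessions Limit Maximum sessions per host (1000) was exceeded. [count=3] 127.0.0.1 127.0.0.1 ACCESS BLOCK",
    "6 2021-04-22 14:10:11 notice Security Policy Control Match default rule, DROP 10.0.1.7 10.0.1.1 ACCESS BLOCK",
    "7 2021-04-22 14:12:40 warn Sessions Limit Maximum sessions per host (1000) was exceeded. 10.0.1.5 10.0.1.1 ACCESS BLOCK",
]

if __name__ == "__main__":
    ranked = sorted(summarize(SAMPLE).items(), key=lambda kv: -kv[1]["events"])
    for host, h in ranked:
        origin = "device itself" if h["loopback"] else "LAN/remote host"
        print(f"{host:15} {h['events']:4} events limit={h['limit']} "
              f"{h['first']} .. {h['last']} ({origin})")
```

A host that dominates the summary is the one to investigate before raising or removing its limit in Session Control.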

  • Zyxel_Can
    Zyxel_Can Posts: 342  Zyxel Employee

    Hi @sasch,

    You can create a session limit rule for your NAS as in the following screenshot. (Configuration > Security Policy > Session Control)