Maximum sessions per host (1000) was exceeded (count=255)

PhilippeBkk
PhilippeBkk Posts: 13  Freshman Member
My logs are currently full of warn messages that indicate: Maximum sessions per host (1000) was exceeded (count=255)
This all comes from external IP addresses (a lot of different IPs, from a lot of different countries) pointing to my ISP fixed IP address. How bad is it and how can I fix that?

All Replies

  • Zyxel_Can
    Zyxel_Can Posts: 342  Zyxel Employee

    Hi @PhilippeBkk,

    What’s your device model and firmware version?

    Please make sure of the following rules:

    1- Enable Policy Control under Configuration > Security Policy > Policy Control

    2- Enable the security policy rule for WAN_to_Device under the Policy Control menu

    3- Choose which services you want to allow from External to the Zyxel Device:
    Configuration > Object > Service > Service Group > System Default Allow From WAN To ZyWALL


  • PhilippeBkk
    PhilippeBkk Posts: 13  Freshman Member
    Hello and many thanks for your comment and help.
    Firmware is the latest and policy rules are already enabled.
    This problem has appeared only since last week.

    To block quicker I have made this rule but I am not sure if it helps,
    but the logs are still the same, full in a few minutes, mostly on the WAN of ISP1.
  • zyman2008
    zyman2008 Posts: 197  Master Member
    PhilippeBkk,
    To have better protection, it's not a good idea to allow access to the DNS service on your firewall from the Internet.
    Also, HTTP or HTTPS access to the firewall management Web GUI should only be allowed from a limited set of source IP addresses instead of being open to all.


  • PhilippeBkk
    PhilippeBkk Posts: 13  Freshman Member
    Thanks for the advice. Will do, but this is not related to my current issue, is it?
    (For testing I removed HTTP-HTTPS and DNS; still the same issue, with the log full in a few minutes)
    What I do not get is that, to my understanding, the session host limit is supposed to regulate the sessions of a host, which I believe should be from inside our network, with the idea of sharing the resources and not one user taking all.
    I do not understand how an external IP is considered as a host? Apparently there is something I miss.
    Also, is it a real issue to have all of these warnings?
    Last, if it is not a particular issue, there still remains the fact that it fills up my logs in minutes and I cannot find a way to remove those log warnings. Is there a way?
    Thanks in advance
  • zyman2008
    zyman2008 Posts: 197  Master Member
    for my understanding, session host limit is supposed to regulate session of host, which I believe should be from internal of our network, in the idea of sharing the resources and not one user taking all
    I do not understand how an external IP is considered as host ?
    Got your point.
    I never changed the session limit default settings, so I didn't think about this question.
    After some testing on my ZyWALL110, it looks like it checks all the sessions, no matter whether from LAN to Internet or Internet to ZyWALL/LAN, and all of them count towards the limit.
    Not sure what Zyxel thought of this design and of the use cases for Internet to LAN.

  • PhilippeBkk
    PhilippeBkk Posts: 13  Freshman Member
    Thanks for your insight. I also never changed it until 2 weeks ago, when I started to have a huge amount of logs.
  • Zyxel_Can
    Zyxel_Can Posts: 342  Zyxel Employee

    Hi @PhilippeBkk, @zyman2008,

    Session Control’s rules apply to all hosts (internal/external).

    This is the design of the Zyxel gateway. The Zyxel device gives the possibility to initiate sessions from the external network (e.g. SSH, DNS).

    Thus, the Default Session per Host was designed for general use, not only for the internal network.

    You can apply individual limits for specific addresses as in the following screenshot;
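An added example, not from the thread or from Zyxel: a small Python script that summarises this warning by source address from exported log lines, so a flood of identical messages becomes a short list of the addresses that hit the limit most often and how high their session count got, which is the information needed before adding a per-address limit. The key=value field layout of the sample lines is an assumption; only the warning text itself comes from the post.

```python
import re
from collections import Counter

# Constructed sample lines (not from the thread). The key=value layout is an
# assumption; only the warning text itself comes from the post.
SAMPLE_LOG = """\
2024-01-01 10:00:01 warn src=203.0.113.5 dst=198.51.100.10 msg="Maximum sessions per host (1000) was exceeded (count=255)"
2024-01-01 10:00:02 warn src=198.51.100.77 dst=198.51.100.10 msg="Maximum sessions per host (1000) was exceeded (count=255)"
2024-01-01 10:00:03 warn src=203.0.113.5 dst=198.51.100.10 msg="Maximum sessions per host (1000) was exceeded (count=300)"
2024-01-01 10:00:04 notice src=192.0.2.9 dst=198.51.100.10 msg="Firewall rule matched, ACCEPT"
2024-01-01 10:00:05 warn src=203.0.113.5 dst=198.51.100.10 msg="Maximum sessions per host (1000) was exceeded (count=255)"
2024-01-01 10:00:06 warn src=192.0.2.9 dst=198.51.100.10 msg="Maximum sessions per host (1000) was exceeded (count=120)"
"""

# Matches only the session-limit warning and captures who triggered it.
WARNING_RE = re.compile(
    r"src=(?P<src>\d{1,3}(?:\.\d{1,3}){3}).*?"
    r"Maximum sessions per host \((?P<limit>\d+)\) was exceeded \(count=(?P<count>\d+)\)"
)

def parse_session_warnings(log_text):
    """Yield (source_ip, limit, count) for every session-limit warning line; other lines are skipped."""
    for line in log_text.splitlines():
        m = WARNING_RE.search(line)
        if m:
            yield m.group("src"), int(m.group("limit")), int(m.group("count"))

def warnings_per_source(log_text):
    """Number of session-limit warnings raised per source address."""
    return Counter(src for src, _, _ in parse_session_warnings(log_text))

def peak_count_per_source(log_text):
    """Highest reported session count per source address."""
    peaks = {}
    for src, _, count in parse_session_warnings(log_text):
        peaks[src] = max(count, peaks.get(src, 0))
    return peaks

def top_sources(log_text, n=3):
    """The n addresses that hit the limit most often, busiest first."""
    return warnings_per_source(log_text).most_common(n)

if __name__ == "__main__":
    peaks = peak_count_per_source(SAMPLE_LOG)
    for src, hits in top_sources(SAMPLE_LOG):
        print(f"{src:<16} warnings={hits:<3} peak_count={peaks[src]}")
```

Run it against a log export instead of SAMPLE_LOG to see which external addresses are responsible for most of the warnings before deciding on per-address session limits.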
