Log: Maximum sessions per host (1000) was exceeded (From 127.0.0.1 TO 127.0.0.1)

MStil
MStil Posts: 1
edited April 2021 in Security
Hello all,

I receive loads of log messages that say that Maximum sessions per host (1000) was exceeded on a ATP200 device. Source and destination are both localhost (127.0.0.1). I know how to increase the amount of sessions, but I don't think this is normal behaviour for the firewall.

Is that resolvable?
Tagged:

All Replies

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 345
    25 Answers First Comment Friend Collector First Anniversary
     Master Member

    Could you provide those log messages screenshots to me via private message?
    (You can navigate Web GUI: Monitor > Log screenshot it)
    I would like to know if those messages are normal. 
    Thanks.

  • VVF
    VVF Posts: 4
    First Comment First Anniversary
    We have the same error message on AT200.
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 345
    25 Answers First Comment Friend Collector First Anniversary
     Master Member

    Hi @MStil

    The device will synchronize with the cloud server to keep the security signatures, NTP update, query the cloud database to have more complete security preventions. Normally the session number won’t exceed 1000. Do you have additional firewall/router in front of the device which may drop those sessions initiated by USG? Or you can enlarge(or unlimit) the session limitation on the device so that the error log won’t appear again.

    First, add an address object for localhost IP 127.0.0.1.

    Configuration > Object > Address/Geo IP > Address > Add an address

    for localhost.



     

    Configuration > Security > Session Control > Add a session limit rule for localhost

    You can enlarge” Session Limit per Host” numbers or set it to “0” unlimited.




  • VVF
    VVF Posts: 4
    First Comment First Anniversary
    Yes, after making this settings, these errors disappear, but others appeared



    SSL traffic scanning is enabled in one rule for only one user, and his Internet access is "frozen" for different sites.



  • PeterUK
    PeterUK Posts: 1,451
    50 Answers 1000 Comments Friend Collector Fifth Anniversary
     Guru Member
    Do you use any UTM ? maybe try disabling them.


  • Zyxel_Tobias
    Zyxel_Tobias Posts: 195
    5 Answers First Comment Friend Collector Third Anniversary
     Zyxel Employee
    Hi @VVF

    this looks different and like a memory leak. May I can help you by E-Mail? Just let me know and I´ll execute to create a Support Ticket to look into it. We can try to fix it by config change temporary and working on a solution, that it didn´t run out of memory.

    Kind Regards,

    Tobias
  • VVF
    VVF Posts: 4
    First Comment First Anniversary
    Ок! Your Russian colleagues have already tortured me with requests to carry out various tests on our working equipment, but there is still no result.


    Can you help?

  • Zyxel_Tobias
    Zyxel_Tobias Posts: 195
    5 Answers First Comment Friend Collector Third Anniversary
     Zyxel Employee
    Hi @VVF

    I can see the ticket and they are co-working already with a higher team as you can reach by forum.

    So as soon as our development get all needed test info I´m sure we can figure out the issue and fix it.

    Thanks for understanding.

    Have a good weekend.

    Kind Regards,

    Tobias
  • sasch
    sasch Posts: 9
    First Comment
    Hi,

    i habe a similar issue with my NAS (10.0.1.5)... this entry appears in the log even if there are very few sessions on the device (USG110)...   67 / 150000 

    4 2021-04-22 14:07:35 warn Sessions Limit Maximum sessions per host (1000) was exceeded. [count=85] 10.0.1.5 10.0.1.1 ACCESS BLOCK

    Any Idea?

    Maybe the QNAP-Cloud service?!
    An issue with Custom DNS / IPv6 Prefix Delegation?!
    Or a Problem with the implementation of the session counter itself...

  • Zyxel_Can
    Zyxel_Can Posts: 342
    5 Answers First Comment Friend Collector
     Zyxel Employee

    Hi @sasch ,

      

    You can create session limit rule for your NAS as in the following screenshot. (Configuration > Security Policy > Session Control)


Security Highlight