Log: Maximum sessions per host (1000) was exceeded (From 127.0.0.1 TO 127.0.0.1)

MStil · January 2021

Hello all,

I receive loads of log messages that say that Maximum sessions per host (1000) was exceeded on a ATP200 device. Source and destination are both localhost (127.0.0.1). I know how to increase the amount of sessions, but I don't think this is normal behaviour for the firewall.

Is that resolvable?

Zyxel_Jeff · February 2021

Hi @MStil

Could you provide those log messages screenshots to me via private message?

(You can navigate Web GUI: Monitor > Log screenshot it)

I would like to know if those messages are normal.

Thanks.

VVF · February 2021

We have the same error message on AT200.

Image: https://us.v-cdn.net/6029482/uploads/editor/v2/ogalzi4hkg93.gif

Zyxel_Jeff · February 2021

Hi @MStil

The device will synchronize with the cloud server to keep the security signatures, NTP update, query the cloud database to have more complete security preventions. Normally the session number won’t exceed 1000. Do you have additional firewall/router in front of the device which may drop those sessions initiated by USG? Or you can enlarge(or unlimit) the session limitation on the device so that the error log won’t appear again.

First, add an address object for localhost IP 127.0.0.1.

Configuration > Object > Address/Geo IP > Address > Add an address

for localhost.

Image: https://us.v-cdn.net/6029482/uploads/editor/2d/nc7mb9tt9v98.png

Configuration > Security > Session Control > Add a session limit rule for localhost

You can enlarge” Session Limit per Host” numbers or set it to “0” unlimited.

Image: https://us.v-cdn.net/6029482/uploads/editor/jo/y5h8bkp37elu.png

Image: https://us.v-cdn.net/6029482/uploads/editor/ef/a506vrqr3yde.png

VVF · February 2021

Yes, after making this settings, these errors disappear, but others appeared

Image: https://us.v-cdn.net/6029482/uploads/editor/3m/hqgta2u31e0i.gif

SSL traffic scanning is enabled in one rule for only one user, and his Internet access is "frozen" for different sites.

PeterUK · February 2021

Do you use any UTM ? maybe try disabling them.

Zyxel_Tobias · February 2021

Hi @VVF

this looks different and like a memory leak. May I can help you by E-Mail? Just let me know and I´ll execute to create a Support Ticket to look into it. We can try to fix it by config change temporary and working on a solution, that it didn´t run out of memory.

Kind Regards,

Tobias

VVF · February 2021

Ок! Your Russian colleagues have already tortured me with requests to carry out various tests on our working equipment, but there is still no result.

https://support.zyxel.eu/hc/requests/191899

Can you help?

Zyxel_Tobias · February 2021

Hi @VVF

I can see the ticket and they are co-working already with a higher team as you can reach by forum.

So as soon as our development get all needed test info I´m sure we can figure out the issue and fix it.

Thanks for understanding.

Have a good weekend.

Kind Regards,

Tobias

sasch · April 2021

Hi,

i habe a similar issue with my NAS (10.0.1.5)... this entry appears in the log even if there are very few sessions on the device (USG110)... 67 / 150000

4 2021-04-22 14:07:35 warn Sessions Limit Maximum sessions per host (1000) was exceeded. [count=85] 10.0.1.5 10.0.1.1 ACCESS BLOCK

Any Idea?

Maybe the QNAP-Cloud service?!
An issue with Custom DNS / IPv6 Prefix Delegation?!
Or a Problem with the implementation of the session counter itself...