Session limit causes loss of connectivity to web interface?
Hello,
We have 2 ATP500s in HA configuration. This morning we had a widespread DNS outage on the client workstations. The local DNS servers on the network were functional, so I went to check ATP logs, but the login screen failed to load. I did not think to try another connection method such as SSH or telnet.
We turned off the active router which triggered a fail-over event, and then I was able to immediately log in to the other router. The syslog was full of session limit errors for our secondary DNS server. I set the session limit to 0 for that server to fix that problem. Our primary DNS server already had an entry for session limit 0.
I turned the primary router back on, allowed time to finish the HA sync, and failed the router back over by pulling the WAN cable. Now the router is serving up the login page properly.
I think what triggered this was I rebooted all servers Friday night for updates, and the primary DNS server was down for quite some time. I suppose the secondary was sending in a flood of requests this morning resulting in the session blocking.
But, why would active session blocking against one host cause the inability to connect to the management interface via IP?
Thank you,
All Replies
-
Hi @mattb
Are you asking why the host (which hits the session limit value) can not connect to the device management interface?
If so, once the host hits the session limit, not only the traffic going outside but also traffic accessing the device GUI will be limited.
-
You should check your host. If the session limit is reached, normally something is wrong at your host.
Days ago we experienced slow network connections or the loss of network traffic for all 4 of our programmers' hosts while all other machines of the company, which reside in the same network segment, were still able to communicate. It turned out that the programmers had implemented a faulty time server query in their software project, where the time server was polled so often per minute that the session limit at the USG was exceeded for those 4 machines.
-
Hi Vic, it would make sense that the blocked host couldn't connect, but the web interface would not load from two other workstations that we tried.
Zyxel_Vic said:
Hi @mattb
Are you asking why the host (which hits the session limit value) can not connect to the device management interface?
If so, once the host hits the session limit, not only the traffic going outside but also traffic accessing the device GUI will be limited.
-
Thank you,
Yes, in this case the blocked host was a secondary domain controller. I also had to remove the session limits for our primary DC several months ago. They are both DNS servers, so when they come back online after being turned off I presume they want to update their local DNS cache and send a massive number of external requests. Normally they stay under the session limits.
It's just odd that it only affected the web interface of one of the HA routers even though they are mirrored.
USG_User said:
You should check your host. If the session limit is reached, normally something is wrong at your host.
Days ago we experienced slow network connections or the loss of network traffic for all 4 of our programmers' hosts while all other machines of the company, which reside in the same network segment, were still able to communicate. It turned out that the programmers had implemented a faulty time server query in their software project, where the time server was polled so often per minute that the session limit at the USG was exceeded for those 4 machines.
-
Hi Vic,
It's been normal since we rebooted the router. Thank you