-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Edouard Zorrilla wrote:
> I am running a Firewall Cluster XL, just one node active the another one is > in standby. The issue is the suddenly the Firewall started to drop packets by > the SmartDefense since there were many connection which exceeded the number > of connections per second permited (SmartDefense -> Network Quota option). > The issue is that it doesn't seems to be one attack since all the connectios > are valid ones, for my understanding the clients are asking more information > than before since all the packes droped are going from the clients to the > oracle server (port 1521/tcp). It may also be an indication of a problem. It could be an attack on the website that will result in heavy traffic to the backend database. But for that one needs to know a lot more about the exact topology. But I would guess that a serious amount of sessions for Oracle would also mean a serious resource consumption on the database server. > 1.- How can I measure or know the amount of concurrent connections at one > specific time, maybe they are more than the 25000 which the default. ? The smartdefense settings are quite different from this limit. So verify what sort of traffic you should expect on that application and adjust your smartdefense settings accordingly. Consult with the Oracle people to learn how many sessions they can handle. No point in allowing 2000 new sessions per second if 100 new sessions per second will be the limit for your database. Hugo. - -- [EMAIL PROTECTED] http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHF02LBvzDRVjxmYERAtHCAJ9lYfJb5FwT00n13GN8YyhVzQTinQCeINzZ xLmMxjfhCL2OrWKMs8mjoZ8= =NJP6 -----END PGP SIGNATURE----- ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
