Skip to content

All the information you need—in one place.

Want to read our latest whitepapers or Tech Tips? Or check out our library of data sheets and case studies? Netcordia's resource center is constantly updated with new materials, so you can always stay on top of our products, solutions, and services.

Health First Uses NetMRI

"Uptime has definately improved with NetMRI. Since acquiring NetMRI three years ago, we have not had any configuration-related events...You buy this tool to save you time, and it continues to do so. NetMRI is that other person on the team, which costs considerably less than adding another person."

—Mark Davidson, Senior Network Engineer

Read Case Study

Tech Tips

Take the Next Step:

Related Information

Network Analysis Tip: Firewall Connection Count Exceeded

Why is this important?

Like many network issues, this problem can be easily diagnosed, but because the symptoms can lead to an incorrect diagnosis and the problem is intermittent, it can be time consuming to discover.

It is typical for IT Staff to size firewall connection licenses at purchase and sometimes neglect to monitor usage growth. Growing dependence on e-business applications and remote workers using VPNs will increase the dependency on firewall infrastructure leading to an increase in license usage.

The problem manifests as intermittent connection issues. It can easily be mistaken for a general network error particular to a specific group of users, a specific application, or a specific area of the network.

Firewall Connection Count Exceeded

The impact of intermittent users on firewall device connection counts

Typically, the network team will be looking for problems within the infrastructure that may be common among the group reporting the issue while the application team checks applications common to group. This leads to not only an ineffective use of technical resources, but delays in identifying the actual source of the problem. This can be exacerbated by organizational structure that often separates the network team from the staff responsible for maintaining the firewalls.

If your organization utilizes the Cisco PIX firewall, troubleshooting involves logging into each firewall and running the command "show conn"

pixfirewall> show conn
32 in use, 32 remain, 48 most used

In the case above, the license count has never been exceeded (in use plus remain is less than most used). In this case, you would be able to rule out the firewall license count as a source of your problem. If the most used field above equaled 64, you would be able to ascertain that at some point in time, you have maxed out your license count. However, you would still be uncertain about when that happened and if it is actually the source of the problem because you do not know when the license count was exceeded.

In the Netcordia environment, we monitor the "most used" connections in relationship to the total license count and automatically fire an issue on three thresholds:

  • If "most used" is at least 50% but less than 60%, it is recorded at the "info" level
  • If "most used" is at least 60% but less than 80%, it is recorded at the "warning" level
  • If "most used" is greater than 80%, it is recorded at the "error" level

Netcordia provides you with not only the knowledge of when you have exceeded your license count, but a series of warning messages that allow your group to proactively plan for additional license count prior to encountering connectivity issues for your user community.

Back to Tech Tips