Netgate Discussion Forum

    Netstat connections X Maximum Concurrent Connections

    General pfSense Questions
    7 Posts 2 Posters 1.1k Views
      m77 (last edited by stephenw10)

      I want to know if the value of the line "connections established (including accepts)" when executing the command "netstat -s" in pfSense has the same relation as the values presented in the datasheets of commercial firewalls, specifically in the line "Concurrent Sessions" in the datasheet (https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/fortigate-100f-series.pdf) or "Max sessions" in the datasheet (https://www.paloaltonetworks.com/resources/datasheets/pa-800-series-datasheet).

      Below is a part of the output of the netstat -s command in pfSense:

      tcp:
      	59514595 packets sent
      		18774549 data packets (24820362633 bytes)
      		221228 data packets (250499605 bytes) retransmitted
      		2799 data packets unnecessarily retransmitted
      		0 resends initiated by MTU discovery
      		38601364 ack-only packets (0 delayed)
      		0 URG only packets
      		19921 window probe packets
      		483474 window update packets
      		1418604 control packets
      	47044738 packets received
      		9273022 acks (for 24578327701 bytes)
      		16780173 duplicate acks
      		0 acks for unsent data
      		20418882 packets (23629655697 bytes) received in-sequence
      		16512527 completely duplicate packets (22243693 bytes)
      		499 old duplicate packets
      		54 packets with some dup. data (12630 bytes duped)
      		46255 out-of-order packets (62091535 bytes)
      		0 packets (0 bytes) of data after window
      		0 window probes
      		127367 window update packets
      		1886 packets received after close
      		7 discarded for bad checksums
      		0 discarded for bad header offset fields
      		0 discarded because packet too short
      		0 discarded due to memory problems
      	36710 connection requests
      	1412997 connection accepts
      	16 bad connection attempts
      	0 listen queue overflows
      	18453 ignored RSTs in the windows
      	**1449706 connections established (including accepts)**
      		746319 times used RTT from hostcache
      		746319 times used RTT variance from hostcache
      		156778 times used slow-start threshold from hostcache
      	1449699 connections closed (including 69247 drops)
      		216298 connections updated cached RTT on close
      		216526 connections updated cached RTT variance on close
      		73071 connections updated cached ssthresh on close
      
        stephenw10, Netgate Administrator

        No, that looks like a total connections counter, not a concurrent connections value.
        You can reset it using netstat -s -z

        The firewall states are probably what you want there. Something from pfinfo perhaps.

        Steve

          m77

          Hi,

          I ran the netstat -sz command and in fact the counters were reset.

          In your opinion, the value that is related to the "Maximum Concurrent" values in the datasheets is in Diagnostics -> Pfinfo.

          My pfSense has more than 26 interfaces. When executing pfinfo, it seems that it only gives me the states of the vtnet0 interface. Or are these values for the entire firewall, from all interfaces?

          Interface Stats for vtnet0 IPv4 IPv6
          Bytes In 1846426 29366
          Bytes Out 8445375 0
          Packets In
          Passed 17088 107
          Blocked 222 187
          Packets Out
          Passed 20651 0
          Blocked 0 0

          State Table Total Rate
          current entries 27215
          searches 175239122230 54447.8/s
          inserts 789906460 245.4/s
          removals 789879243 245.4/s
          Source Tracking Table
          current entries 0
          searches 0 0.0/s
          inserts 0 0.0/s
          removals 0 0.0/s
          Counters
          match 1057943655 328.7/s
          bad-offset 0 0.0/s
          fragment 1 0.0/s
          short 36 0.0/s
          normalize 519 0.0/s
          memory 0 0.0/s
          bad-timestamp 0 0.0/s
          congestion 0 0.0/s
          ip-option 505093 0.2/s
          proto-cksum 0 0.0/s
          state-mismatch 329672 0.1/s
          state-insert 76 0.0/s
          state-limit 0 0.0/s
          src-limit 0 0.0/s
          synproxy 0 0.0/s
          map-failed 0 0.0/s
          Limit Counters
          max states per rule 0 0.0/s
          max-src-states 0 0.0/s
          max-src-nodes 0 0.0/s
          max-src-conn 0 0.0/s
          max-src-conn-rate 0 0.0/s
          overload table insertion 0 0.0/s
          overload flush states 0 0.0/s

          states hard limit 814000
          src-nodes hard limit 814000
          frags hard limit 25000
          table-entries hard limit 400000

          tcp.first 120s
          tcp.opening 30s
          tcp.established 86400s
          tcp.closing 900s
          tcp.finwait 45s
          tcp.closed 90s
          tcp.tsdiff 30s
          udp.first 60s
          udp.single 30s
          udp.multiple 60s
          icmp.first 20s
          icmp.error 10s
          other.first 60s
          other.single 30s
          other.multiple 60s
          frag 30s
          interval 10s
          adaptive.start 488400 states
          adaptive.end 976800 states
          src.track 0s

            stephenw10, Netgate Administrator

            That is the total pf state entries. So that includes all protocols and it's also usually about double the connection count since each connection through the firewall opens a state on both interfaces it goes through.
            I was trying to find a direct command that can show only TCP state counts, but so far I have nothing.

            Also, that's the current count, not a limit, so it's not comparable with any sort of 'max' value on other firewalls.
            https://docs.netgate.com/pfsense/en/latest/firewall/increasing-the-state-table-size.html

            Steve

              m77
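As an added example (not code from the thread, from pfSense or from Netgate), the following Python reads the two kinds of figures discussed above: the pf state-table section of the pfinfo output quoted earlier, and the `connections established` line from `netstat -s`. It shows why only the former is a concurrency number: the state count is compared against the hard limit and the adaptive thresholds and halved per the rule of thumb in the reply above, while the netstat counter only becomes useful once two readings are diffed into a rate. The sample text is copied from the thread's own output (the second netstat reading is invented), and all function and constant names are this example's own.

```python
"""Added example (not from the thread or pfSense): read the two kinds of
figures discussed above and show why only one of them is a concurrency
number. Function and constant names are this example's own."""
import re

# Constructed sample, copied from the state-table part of the pfinfo output
# quoted in the thread (pfctl -si style).
PFINFO_SAMPLE = """\
State Table                          Total             Rate
  current entries                    27215
  searches                     175239122230        54447.8/s
  inserts                         789906460          245.4/s
  removals                        789879243          245.4/s
Source Tracking Table
  current entries                        0
states        hard limit   814000
src-nodes     hard limit   814000
adaptive.start             488400 states
adaptive.end               976800 states
"""

# Constructed samples: two netstat -s readings of the same counter taken
# 60 seconds apart (the second value is invented for the example).
NETSTAT_T0 = "tcp:\n\t1449706 connections established (including accepts)\n"
NETSTAT_T1 = "tcp:\n\t1449790 connections established (including accepts)\n"


def parse_pfinfo(text):
    """Pull the state-table figures a capacity check needs out of pfinfo text.
    The first 'current entries' line belongs to the State Table, so re.search
    (first match) picks the right one even though the Source Tracking Table
    section repeats the label."""
    fields = {
        "current_entries": r"current entries\s+(\d+)",
        "states_hard_limit": r"\bstates\s+hard limit\s+(\d+)",
        "adaptive_start": r"adaptive\.start\s+(\d+)",
        "adaptive_end": r"adaptive\.end\s+(\d+)",
    }
    result = {}
    for name, pattern in fields.items():
        match = re.search(pattern, text)
        if match is None:
            raise ValueError(f"field not found in pfinfo output: {name}")
        result[name] = int(match.group(1))
    return result


def state_summary(stats):
    """Turn the raw figures into what an operator actually wants to know."""
    current = stats["current_entries"]
    limit = stats["states_hard_limit"]
    return {
        "states": current,
        # Rule of thumb from the thread: a connection traversing the firewall
        # holds a state on each of the two interfaces, so roughly halve it.
        "approx_connections": current // 2,
        "utilisation_pct": round(100.0 * current / limit, 2),
        # pf starts scaling timeouts down once the table passes adaptive.start.
        "adaptive_timeouts_active": current >= stats["adaptive_start"],
    }


def connections_established(netstat_text):
    """Read the cumulative 'connections established' counter from netstat -s."""
    match = re.search(r"(\d+) connections established", netstat_text)
    if match is None:
        raise ValueError("no 'connections established' line in netstat output")
    return int(match.group(1))


def established_per_second(text_t0, text_t1, seconds):
    """The counter is cumulative, so it is only meaningful as a rate: diff two
    readings. A negative delta means it was zeroed (netstat -s -z) in between."""
    delta = connections_established(text_t1) - connections_established(text_t0)
    if delta < 0:
        raise ValueError("counter went backwards; was it reset between samples?")
    return delta / seconds


if __name__ == "__main__":
    summary = state_summary(parse_pfinfo(PFINFO_SAMPLE))
    print("pf state table:", summary)
    print("TCP connections established/s:",
          established_per_second(NETSTAT_T0, NETSTAT_T1, 60))
```

On a live box the same parsing applies to the output of `pfctl -si` (which is what the pfinfo page wraps); the figures in the thread give about 3.3% of the 814000-state hard limit in use, which is nowhere near the adaptive.start threshold where pf begins shortening timeouts.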

              The resources available in Status -> Monitoring, configuring Left Axis as Traffic, Graph with one of the VLANs I own and the period in the last 30 days, returned the data below. Would the sum of the data in the Maximum column, in the lines "inpass", "outpass", "outblock" and "inblock" be the maximum value processed by the firewall reached in that period for this VLAN?

              Is this something like the maximum throughput achieved for this VLAN in that period?

              Screenshot from 2020-09-25 13-29-18~2.png

                stephenw10, Netgate Administrator

                No because they were not necessarily reached at the same time. You can see the peak outpass value was not at the same point as peak inpass.
                Also because the resolution is low at a 1 month scale in RRD, so there may well have been peaks higher than what is shown there.

                Steve

                  m77
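To make the two points in the reply above concrete, here is an added Python example (constructed data, not from the thread, pfSense or rrdtool): the inpass and outpass spikes are placed at different minutes, so adding the per-direction maxima over-states the largest total the interface ever carried, and averaging the samples into coarser buckets, as an RRD AVERAGE archive does over a long graph period, hides the short spike entirely. The function names are this example's own.

```python
"""Added example (not from the thread or pfSense/rrdtool): why adding the
per-direction maxima in the monitoring graph over-states the real peak, and
why a coarse RRD consolidation hides short peaks. Sample data is constructed."""

# Constructed: twelve 1-minute traffic samples (Mbit/s) for one VLAN.
# The inpass spike and the outpass spike deliberately do not coincide.
INPASS = [10, 80, 20, 10, 15, 10, 12, 10, 9, 11, 10, 10]
OUTPASS = [5, 5, 10, 70, 10, 5, 6, 5, 5, 4, 5, 5]


def sum_of_peaks(*series):
    """What you get by adding the 'Maximum' column entries together."""
    return sum(max(s) for s in series)


def peak_of_sum(*series):
    """The largest total the interface actually carried in any one sample."""
    return max(sum(samples) for samples in zip(*series))


def consolidate(samples, step):
    """Average each run of `step` samples, as an AVERAGE RRA does when the
    stored resolution is coarser than the original sampling interval."""
    return [sum(samples[i:i + step]) / len(samples[i:i + step])
            for i in range(0, len(samples), step)]


def hidden_peak(samples, step):
    """How much of the true per-sample peak the consolidated view no longer shows."""
    return max(samples) - max(consolidate(samples, step))


if __name__ == "__main__":
    print("sum of per-direction peaks:", sum_of_peaks(INPASS, OUTPASS))
    print("true peak of in+out:       ", peak_of_sum(INPASS, OUTPASS))
    print("inpass peak hidden by 6-sample averaging:", hidden_peak(INPASS, 6))
```

With this data the summed maxima claim 150 Mbit/s while the busiest single minute carried 85 Mbit/s, and averaging six samples together reports an inpass peak of about 24 Mbit/s against the real 80 Mbit/s spike; the finer-resolution graph posted later in the thread differs from the 30-day one for exactly this reason.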

                  Indeed, when the resolution value for the same period is deepened, the values obtained in the report are different.

                  Below is the last 30 days with 1 hour resolution on the same network.

                  monitoring-traffic-1h.png

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.